On Thu, Jan 05, 2012 at 12:40:32PM +0000, Bobb Crosbie wrote: > Both principles are in the system:administrators group (this run when > authenticated as bobb.crosbie)
Here's your problem. Due to OpenAFS's history, krb5 principals with a slash (such as username/admin@REALM) are converted to their krb4 form, username.admin. By default, the ptserver disallows dotted principals to avoid the confusion of equivocating the krb5 principals user.admin@REALM and user/admin@REALM. If you are absolutely sure there are no such collisions in your realm, you can run your servers with -allow-dotted-principals. For more documentation: http://docs.openafs.org/Reference/8/ptserver.html -- Jonathan Billings <[email protected]> College of Engineering - CAEN - Unix and Linux Support _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
