Daniel J Priem <[EMAIL PROTECTED]> writes:

> Package: openafs-krb5
> Severity: normal

> Version in use is 
> openafs-krb5  1.4.2~fc4-3  AFS distributed filesystem Kerberos 5 integration

> Please ignore the different hostnames. it was on both the same error.
> Here trying with user root/afsadmin

> [EMAIL PROTECTED]:~# pts examine root/afsadmin
> Name: root/afsadmin, id: 1, owner: system:administrators, creator: anonymous,
>   membership: 1, flags: S----, group quota: unlimited.

This is a deficiency in the documentation rather than a bug per se, as
it's working the way that it's supposed to.  AFS uses a K4 naming scheme
for principals and for ease of conversion of sites from K4 to K5
automatically remaps principal names in tokens from K5 to K4 format.

Create a principal named root.afsadmin in PTS and put it in the
appropriate groups and you'll find that everything works.  More
specifically, the conversions performed are:

 * Drop everything in the principal name including and after the first
   period.
 * Convert a prefix of host/ to rcmd.
 * Change all slashes to periods.

(It's slightly more complex than that, but that's a good approximation.)
In the future, this behavior will hopefully be configurable.

I'll leave the bug open until I get a chance to update the documentation
somewhere to explain this.

-- 
Russ Allbery ([EMAIL PROTECTED])               <http://www.eyrie.org/~eagle/>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to