[OpenAFS] Re: foreign-realm members of system:administrators
have weakened powers?
Jeffrey Hutzelman
jhutz@cmu.edu
Fri, 27 Jan 2006 00:42:45 -0500
On Wednesday, January 25, 2006 10:26:16 PM -0800 Adam Megacz
<megacz@cs.berkeley.edu> wrote:
>
> Jeffrey Hutzelman <jhutz@cmu.edu> writes:
>>> using my "main" principal -- I executed these commands while holding
>>> tokens for megacz@megacz.com in cell research.cs.berkeley.edu:
>>> $ pts creategroup project.sbp system:administrators -cell
>>> research.cs.berkeley.edu pts: Permission denied ; unable to create
>>> group project.sbp with id 0 owned by 'system:administrators'
>
>> Since you've shown that megacz@megacz.com is clearly a member of s:a,
>> my first guess is that for some reason your request was not really
>> authenticated as megacz@megacz.com. I suggest looking at the logs;
>> there should be a log message corresponding to the attempt which will
>> tell you the parameters used and who the ptserver actually thought you
>> were.
>
> Hrm, after two "kill -TSTP"s, this is all I get out of PtLog when
> attempting the "creategroup". Am I reading the wrong log(s)?
No; I think you're just not running with enough debugging.
The interesting message happens at LogLevel >= 25. To get this level,
you will need to send SIGTSTP to the ptserver three times.
-- Jeff