[OpenAFS] Usernames in pts

Mikkel Kruse Johnsen mikkel@linet.dk
Wed, 01 Aug 2007 12:06:40 +0200


--=-qFcbCJ0s693MjJYKBjJE
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hi Dirk

All of this is checked. If I do the same with a user not containing a
dot "root@CBS.DK" then it works. So it is because there is a dot in my
name.

fs la /afs/cbs.dk/home/mkj.lib
Access list for /afs/cbs.dk/home/mkj.lib is
Normal rights:
  system:administrators rlidwka
  mkj.lib rlidwka


pts listentries
Name                          ID  Owner Creator
anonymous                  32766   -204    -204 
admin                          1   -204   32766 
mkj.lib                      500   -204       1 
root                         499   -204       1 


klist -e -f
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: mkj.lib@CBS.DK

Valid starting     Expires            Service principal
08/01/07 11:09:51  08/02/07 11:09:51  krbtgt/CBS.DK@CBS.DK
        Flags: FI, Etype (skey, tkt): ArcFour with HMAC/md5, Triple DES
cbc mode with HMAC/sha1 
08/01/07 11:09:55  08/02/07 11:09:51  afs/cbs.dk@CBS.DK
        Flags: FT, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc
mode with CRC-32 


/Mikkel


On Wed, 2007-08-01 at 11:58 +0200, Dirk Heinrichs wrote:

> Am Mittwoch, 1. August 2007 schrieb ext Mikkel Kruse Johnsen:
> 
> >     pts createuser mkj.lib 500
> >     fs setacl /afs/.cbs.dk/home/mkj.lib all
> 
> Did you check the ACL entry with fs la?
> 
> >     kinit mkj.lib
> >     aklog
> 
> Do you get a ticket/token? Check with klist/tokens.
> 
> Bye...
> 
> 	Dirk
> !DSPAM:46b059a236118362916074!

Mikkel Kruse Johnsen
Linet
Ørholmgade 6 st tv
2200 København N

Tlf: +45 2128 7793
email: mikkel@linet.dk
www: http://www.linet.dk

--=-qFcbCJ0s693MjJYKBjJE
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.14.3">
</HEAD>
<BODY>
Hi Dirk<BR>
<BR>
All of this is checked. If I do the same with a user not containing a dot &quot;<A HREF="mailto:root@CBS.DK">root@CBS.DK</A>&quot; then it works. So it is because there is a dot in my name.<BR>
<BR>
fs la /afs/cbs.dk/home/mkj.lib<BR>
Access list for /afs/cbs.dk/home/mkj.lib is<BR>
Normal rights:<BR>
&nbsp; system:administrators rlidwka<BR>
&nbsp; mkj.lib rlidwka<BR>
<BR>
<BR>
pts listentries<BR>
Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ID&nbsp; Owner Creator<BR>
anonymous&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 32766&nbsp;&nbsp; -204&nbsp;&nbsp;&nbsp; -204 <BR>
admin&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1&nbsp;&nbsp; -204&nbsp;&nbsp; 32766 <BR>
mkj.lib&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 500&nbsp;&nbsp; -204&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 <BR>
root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 499&nbsp;&nbsp; -204&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1 <BR>
<BR>
<BR>
klist -e -f<BR>
Ticket cache: FILE:/tmp/krb5cc_500<BR>
Default principal: <A HREF="mailto:mkj.lib@CBS.DK">mkj.lib@CBS.DK</A><BR>
<BR>
Valid starting&nbsp;&nbsp;&nbsp;&nbsp; Expires&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Service principal<BR>
08/01/07 11:09:51&nbsp; 08/02/07 11:09:51&nbsp; krbtgt/<A HREF="mailto:CBS.DK@CBS.DK">CBS.DK@CBS.DK</A><BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Flags: FI, Etype (skey, tkt): ArcFour with HMAC/md5, Triple DES cbc mode with HMAC/sha1 <BR>
08/01/07 11:09:55&nbsp; 08/02/07 11:09:51&nbsp; afs/<A HREF="mailto:cbs.dk@CBS.DK">cbs.dk@CBS.DK</A><BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Flags: FT, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32 <BR>
<BR>
<BR>
/Mikkel<BR>
<BR>
<BR>
On Wed, 2007-08-01 at 11:58 +0200, Dirk Heinrichs wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Am Mittwoch, 1. August 2007 schrieb ext Mikkel Kruse Johnsen:</FONT>

<FONT COLOR="#000000">&gt;     pts createuser mkj.lib 500</FONT>
<FONT COLOR="#000000">&gt;     fs setacl /afs/.cbs.dk/home/mkj.lib all</FONT>

<FONT COLOR="#000000">Did you check the ACL entry with fs la?</FONT>

<FONT COLOR="#000000">&gt;     kinit mkj.lib</FONT>
<FONT COLOR="#000000">&gt;     aklog</FONT>

<FONT COLOR="#000000">Do you get a ticket/token? Check with klist/tokens.</FONT>

<FONT COLOR="#000000">Bye...</FONT>

<FONT COLOR="#000000">	Dirk</FONT>
<FONT COLOR="#000000">!DSPAM:46b059a236118362916074!</FONT>
</PRE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
Mikkel Kruse Johnsen<BR>
Linet<BR>
&#216;rholmgade 6 st tv<BR>
2200 K&#248;benhavn N<BR>
<BR>
Tlf: +45 2128 7793<BR>
email: mikkel@linet.dk<BR>
www: http://www.linet.dk
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

--=-qFcbCJ0s693MjJYKBjJE--