[OpenAFS] Usernames in pts
Russ Allbery
rra@stanford.edu
Wed, 01 Aug 2007 03:20:45 -0700
Mikkel Kruse Johnsen <mikkel@linet.dk> writes:
> All of this is checked. If I do the same with a user not containing a
> dot "root@CBS.DK" then it works. So it is because there is a dot in my
> name.
You're being bitten by the code that tries to convert Kerberos v5
principal names to the Kerberos v4 convention used by AFS.
/*
* If the first part of the name_string contains a dot, punt since
* then we can't see the diffrence between the kerberos 5
* principals foo.root and foo/root later in the fileserver.
*/
if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
goto bad_ticket;
(rxkad/ticket5.c). I'm afraid you might be out of luck, at least with the
current version of AFS, unless you patch this code and remove this check
in your file servers.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>