[OpenAFS] Puzzler: lack of access to AFS files
John Hascall
john@iastate.edu
Wed, 12 Dec 2007 00:40:56 CST
> Russ Allbery wrote:
> > John Hascall <john@iastate.edu> writes:
> >> I'm sure I must be doing something embarrassingly stupid here,
> >> but I just can't figure out why this script is not able to
> >> access the files in AFS that it should be able to.
> >> Default principal: sysadmin/asw.iastate.edu@IASTATE.EDU
> > There's a hard-coded table of principals for which the Kerberos v5 support
> > in rxkad will do realm conversion in src/rxkad/ticket5.c, and sysadmin
> > isn't one of them.
Ah, I'll bet that's it -- we also just switched to using K5 aklog
instead of K4 aklog.
> You can add a new entry to 'sconv_list' in src/rxkad/ticket5.c. Use:
> R("sysadmin")
Hmmm, that's pretty ugly. For the KDC, I made this table be in
krb5.conf (I posted a diff for this back about 1.0.5 or so), but
I'm not sure I really want to go that way for AFS. I think maybe
just an instance-free name is the way for me to go, thanks,
John