[OpenAFS] Re: [OpenAFS] Re: [OpenAFS] AFS/KRB principal service constraints?

Alena Manova nymano@seznam.cz
Tue, 26 Jan 2010 16:28:01 +0100 (CET)


> ------------ Original message ------------
> From: Alena Manova <nymano@seznam.cz>
> Subject: [OpenAFS] Re: [OpenAFS] AFS/KRB principal service constraints?
> Date: 26.1.2010 14:56:08
> ----------------------------------------
> > ------------ Original message ------------
> > From: Alena Manova <nymano@seznam.cz>
> > Subject: [OpenAFS] AFS/KRB principal service constraints?
> > Date: 26.1.2010 14:48:41
> > ----------------------------------------
> > Hi,
> > 
> > I have strange issue with AFS authentication.
> > 
> > There are any problems with user principal access. Even server principals for
> 
> sorry, I meant there are NOT any issues with user principal access...
> 
> > http/* servers work fine (e.g. krb principal http/server.domain.tld@REALM with
> > afs equivalent http.server can authenticate and access the AFS)
> > 
> > But can't make it working for cron/* principals - created
> > cron/server.domain.tld@REALM principal and cron.server AFS user but no way to
> > obtain AFS tokens. the procedure is the same like for http/* principals which
> > work fine, so I am confused.
> > 
> > is there some constraint what is accepted as service in the principal?
> > 
> > thank you, Nick.
> > __

well, no constraints but different mapping between kerberos and AFS.

for kerberos principal http/server.domain.tld@REALM I can create afs user http.server and it works fine.

for kerberos principal cron/server.domain.tld@REALM I must create afs user cron.server.domain.tld otherwise it doesn't work.

can someone explain that?

thanks, Nick.


_____________________________________________
> > OpenAFS-info mailing list
> > OpenAFS-info@openafs.org
> > https://lists.openafs.org/mailman/listinfo/openafs-info
> > 
> > 
> > 