[OpenAFS-devel] pts examine

Martin MOKREJŠ mmokrejs@natur.cuni.cz
Tue, 3 Dec 2002 18:40:42 +0100 (CET)


On Tue, 3 Dec 2002, Neulinger, Nathan wrote:

> > Would someone believe that I'm so stupid to put into UserList
> > usernames in
> > a syntax of kerberos5 and NOT kerberos4? Thanks to Johan Danielson who
> > pointed me to this problem.
>
> From changelog:
>
>         * src/auth/userok.c: DELTA
>         afs-superuser-foreign-realm-checks-20010514 AUTHOR nneul@umr.edu
>
>         This rewrite cleans up the code a bit, removes any athena specific
>         references (not needed anymore in this version), and adds support
>         for multi realm management of afs servers (you can now specify
>         "admin@OTHERREALM" in your userlist).

> Sounds like we just have the krb5 style syntax disabled at the
> moment... I don't remember the discussion, so I'm not sure why that is
> the case.
>
> Seems to me that enabling the krb5 syntax is a step in the right direction.

But how to enable it? ;-)

I can just state that having mokrejs/admin@GSF.DE in UserList makes
ptserver, fileserver, bosserver unhappy with my tickets v5 & v4 & tokens
in ticket cache. I use heimdal-0.5.1. Maybe AFS could use some Kerberos
function to convert the name from v5 mapping to v4 in the meantime.
That will pick up the rewriting rules from krb5.conf also.

-- 
Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
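
The v5-to-v4 name mapping the message asks for, as an added example that is not part of the original message and is not OpenAFS or Heimdal code. The helper `v5_to_v4_name` is hypothetical: it assumes only the default `/`-to-`.` rule, applies no krb5.conf rewriting rules or escape handling, and rejects names whose v4 form would be ambiguous in a superuser list.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenAFS or Kerberos library function).
 * Converts "name[/instance][@REALM]" to "name[.instance][@REALM]".
 * Returns 0 on success, -1 if there is no unambiguous krb4 form. */
int v5_to_v4_name(const char *v5, char *out, size_t outlen)
{
    const char *at = strrchr(v5, '@');
    size_t local_len = at ? (size_t)(at - v5) : strlen(v5);
    const char *slash = memchr(v5, '/', local_len);
    size_t name_len = slash ? (size_t)(slash - v5) : local_len;

    if (name_len == 0 || (at && at[1] == '\0'))
        return -1;                      /* empty name or empty realm */
    /* A dot in the first component would be read as the krb4 instance
     * separator: the single v5 component "a.admin" is not "a/admin". */
    if (memchr(v5, '.', name_len))
        return -1;
    if (slash) {
        const char *inst = slash + 1;
        size_t inst_len = local_len - name_len - 1;
        if (inst_len == 0 || memchr(inst, '/', inst_len))
            return -1;                  /* empty instance or >2 components */
    }
    if (strlen(v5) + 1 > outlen)
        return -1;                      /* output has the input's length */
    strcpy(out, v5);
    if (slash)
        out[name_len] = '.';            /* the only character that changes */
    return 0;
}

int main(void)
{
    /* Constructed sample entries; the first is the one from the message. */
    const char *samples[] = { "mokrejs/admin@GSF.DE", "mokrejs@GSF.DE",
                              "mokrejs.admin@GSF.DE", "a/b/c@GSF.DE" };
    char v4[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (v5_to_v4_name(samples[i], v4, sizeof v4) == 0)
            printf("%-22s -> %s\n", samples[i], v4);
        else
            printf("%-22s -> rejected\n", samples[i]);
    }
    return 0;
}
```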