[OpenAFS-devel] Windows client - maintaining AFS Client admins group.

[Scott Williams]

At 08:14 AM 5/24/2005 -0400, you wrote:

><URL: http://rt.central.org/rt/Ticket/Display.html?id=18912 >
>
>I'm sorry, this is not a bug.   Being a machine Administrator does not
>make the user an "AFS Client" Administrator.  As I pointed out on the
>mailing list, one of the goals of creating the "AFS Client Admin" group
>is to separate machine Administration from AFS administration.

Understood. The client behaves as intended...


>What you wrote to me in the private e-mail was that you created a user
>"joe", added them to the "AFS Client Admin" group and logged out and
>back in.   In that case if the user cannot change the AFS Client
>configuration, it would be a bug.

I submitted the "bug" based that email (no mention of adding to the AFS 
Client Admins group)


Scott Williams wrote:
 > Is this the expected behavior?:
 >
 > - download & install OpenAFS Windows client (1.3.8201)
 > - restart, log in, create Administrator-level user JoeUser
 > - log out, log in as JoeUser
 > - open AFS Client Configuration (Control Panel) or Configure AFS Client
 > (afscreds)
 > --> checkbox "Obtain AFS Tokens when logging into Windows" is grayed out.
If that is the behavior that would be a bug.
Jeffrey Altman


>If you have a user that you want to be an AFS Client Administrator, you
>must add them to the AFS Client Administrator group.

Perhaps the installer shouldn't add all the existing Administrators to this 
group (this makes the policy a little murky, imo). I will rework my changes 
(auto-add Administrators to AFS Client Admins group) to into the afsdhook 
interface for this environment (pre-configured systems for incoming 
freshmen), but since this is a mutation, I will not bring this up anymore :).

--Scott