[OpenAFS] admin problem with AFS - krb5
Martin Schulz
schulz@iwrmm.math.uni-karlsruhe.de
30 Apr 2001 15:00:08 +0200
Hello,
using afs against a kerberos 5 (with the migration kit by ken Hornstein)
I have a problem to get my administrative acount working.
On the kas server, I have a "admin" principal that works
flawlessly. Howerver, I want to switch that ka server off. I therefore
created a "schulz/admin" principal on the Kerberos5, and want to take
this principal take the role of the "admin" before.
I created a afs user ('pts createuser') with a not-yet-used afs id, I
added the new principal to the system:administratos group and put him
into the UserList on my afs server, but something must still be
missing:
I can kinit to the schulz/admin principal and klist shows me the
credentials. When using 'aklog', I get no error and 'tokens' shows me
an afs token, but does not mention any AFS user id, as it does for my
usual principal "schulz":
--------------------------------------------------------------------
$ tokens
Tokens held by the Cache Manager:
Tokens for afs@iwrmm.uni-karlsruhe.de [Expires May 1 00:38]
--End of list--
--------------------------------------------------------------------
Usually this read like:
--------------------------------------------------------------------
User's (AFS ID 1) tokens for afs@iwrmm.uni-karlsruhe.de [Expires May 1 15:47]
--------------------------------------------------------------------
As a consequence I cannot issue any privileged commands as schulz/admin.
What does still need to get done? What am I overlooking?
Yours,
--
Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, 76128 Karlsruhe