[OpenAFS] admin problem with AFS - krb5

Derek Atkins warlord@MIT.EDU
30 Apr 2001 09:41:12 -0400 

What name did you put in the AFS PTS DB?  You will need to use
'schulz.admin' and not 'schulz/admin' due to naming differences
between k4 (AFS) and k5.

-derek

Martin Schulz <schulz@iwrmm.math.uni-karlsruhe.de> writes:

> Hello, 
> 
> using afs against a kerberos 5 (with the migration kit by ken Hornstein) 
> I have a problem to get my administrative acount working. 
> 
> On the kas server, I have a "admin" principal that works
> flawlessly. Howerver, I want to switch that ka server off. I therefore
> created a "schulz/admin" principal on the Kerberos5, and want to take
> this principal take the role of the "admin" before.
> 
> I created a afs user ('pts createuser') with a not-yet-used afs id, I
> added the new principal to the system:administratos group and put him
> into the UserList on my afs server, but something must still be
> missing:
> 
> I can kinit to the schulz/admin principal and klist shows me the
> credentials. When using 'aklog', I get no error and 'tokens' shows me
> an afs token, but does not mention any AFS user id, as it does for my
> usual principal "schulz":
> 
> --------------------------------------------------------------------
> $ tokens
> 
> Tokens held by the Cache Manager:
> 
> Tokens for afs@iwrmm.uni-karlsruhe.de [Expires May  1 00:38]
>    --End of list--
> --------------------------------------------------------------------
> 
> Usually this read like:
> --------------------------------------------------------------------
> User's (AFS ID 1) tokens for afs@iwrmm.uni-karlsruhe.de [Expires May  1 15:47]
> --------------------------------------------------------------------
> 
> As a consequence I cannot issue any privileged commands as schulz/admin. 
> What does still need to get done? What am I overlooking? 
> 
> Yours,
> -- 
> Martin Schulz                             schulz@iwrmm.math.uni-karlsruhe.de
> Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
> Engesser Str. 6, 76128 Karlsruhe
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo.cgi/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available