[OpenAFS] creating alternate admin accounts for OpenAFS & krb 5

Derrick J Brashear shadow@dementia.org
Wed, 22 Jan 2003 12:47:31 -0500 (EST)

On Wed, 22 Jan 2003, Lee Damon wrote:

> I am trying to create alternate admin accounts in AFS.  I won't want to have
> to give all the SAs here the password to the main one.  However, the alternate
> accounts, even though they are in the correct AFS group (system:administrators)
> don't have any access.   I am suspecting that the link between the krb 5
> account (administered by another department) and the pts entry isn't being
> properly established, but I'm darned if I can figure out what I missed.  It
> must be something very simple, of course.
> krb authentication to all accounts does work.  I can get AFS tokens as
> nomad and as admin, but apparently not as nomad/afs.

> : || stefen [3] ; pts exa admin
> Name: admin, id: 1, owner: system:administrators, creator: anonymous,
>   membership: 1, flags: S----, group quota: unlimited.
> : || stefen [4] ; pts exa nomad
> Name: nomad, id: 666, owner: system:administrators, creator: admin,
>   membership: 1, flags: S----, group quota: 20.
> : || stefen [5] ; pts exa nomad/afs
> Name: nomad/afs, id: 667, owner: system:administrators, creator: admin,

you should be creating nomad.afs and assuming aklog transforms the
username for you, probably.