[OpenAFS] creating alternate admin accounts for OpenAFS & krb 5
Derrick J Brashear
Wed, 22 Jan 2003 12:47:31 -0500 (EST)
On Wed, 22 Jan 2003, Lee Damon wrote:
> I am trying to create alternate admin accounts in AFS. I won't want to have
> to give all the SAs here the password to the main one. However, the alternate
> accounts, even though they are in the correct AFS group (system:administrators)
> don't have any access. I am suspecting that the link between the krb 5
> account (administered by another department) and the pts entry isn't being
> properly established, but I'm darned if I can figure out what I missed. It
> must be something very simple, of course.
> krb authentication to all accounts does work. I can get AFS tokens as
> nomad and as admin, but apparently not as nomad/afs.
> : || stefen  ; pts exa admin
> Name: admin, id: 1, owner: system:administrators, creator: anonymous,
> membership: 1, flags: S----, group quota: unlimited.
> : || stefen  ; pts exa nomad
> Name: nomad, id: 666, owner: system:administrators, creator: admin,
> membership: 1, flags: S----, group quota: 20.
> : || stefen  ; pts exa nomad/afs
> Name: nomad/afs, id: 667, owner: system:administrators, creator: admin,
you should be creating nomad.afs and assuming aklog transforms the
username for you, probably.