[OpenAFS] creating alternate admin accounts for OpenAFS & krb 5

Lee Damon nomad@ssli-mail.ee.washington.edu
Wed, 22 Jan 2003 09:56:32 -0800 

Progress is being made :)

tokens now shows good stuff

: || stefen [230] ; tokens

Tokens held by the Cache Manager:

User's (AFS ID 667) tokens for afs@ee.washington.edu [Expires Jan 22 19:52]
   --End of list--

I can do pts createuser and pts adduser, so I'm clearly running with higher
access.  However, I still can't do a vos create.  This tells me I need to
go back and re-read some documentation about setting an access level somewhere,
but I'm sure I'll figure that out now that this is working.

thanks for the help!
nomad


> On Wed, 22 Jan 2003, Lee Damon wrote:
> 
> > I am trying to create alternate admin accounts in AFS.  I won't want to have
> > to give all the SAs here the password to the main one.  However, the alternate
> > accounts, even though they are in the correct AFS group (system:administrators)
> > don't have any access.   I am suspecting that the link between the krb 5
> > account (administered by another department) and the pts entry isn't being
> > properly established, but I'm darned if I can figure out what I missed.  It
> > must be something very simple, of course.
> > 
> > krb authentication to all accounts does work.  I can get AFS tokens as
> > nomad and as admin, but apparently not as nomad/afs.
> 
> > : || stefen [3] ; pts exa admin
> > Name: admin, id: 1, owner: system:administrators, creator: anonymous,
> >   membership: 1, flags: S----, group quota: unlimited.
> > : || stefen [4] ; pts exa nomad
> > Name: nomad, id: 666, owner: system:administrators, creator: admin,
> >   membership: 1, flags: S----, group quota: 20.
> > : || stefen [5] ; pts exa nomad/afs
> > Name: nomad/afs, id: 667, owner: system:administrators, creator: admin,
> 
> you should be creating nomad.afs and assuming aklog transforms the
> username for you, probably.

nomad
 -----------                       - Lee "nomad" Damon -          \
work: nomad@ee.washington.edu                                      \
play: nomad@castle.org    or castle!nomad                           \
                                                                    /\
Sr. Systems Admin, UWEE SSLI Lab                                   /  \
                "Celebrate Diversity"                             /    \