[OpenAFS] OpenAFS+KerberosV permission problem

Ken Hornstein kenh@cmf.nrl.navy.mil
Thu, 29 May 2003 12:46:58 -0400


I am kinda surprised that neither of the Derr?[ie]c?ks noticed something
which I think is very likely your problem:

>For the most part things seem to work.  I can do the following with
>success (note: rwallace is a principal in the krb5 database and the
>realm is HABITAT.THEWALLACEPACK.NET with the cell being
          ^^^^^^^^^^^^^^^^^^^^^^^^^^
>thewallacepack.net):
 ^^^^^^^^^^^^^^^^^^

The "normal" configuration is to have your Kerberos realm match your
AFS cell name (except for case differences, of course).  Now, you _can_
operate them with two different names, but unless you understand exactly
what the downsides of this approach are, I would _not_ recommend it.

If your Kerberos realm name does _not_ match your AFS cell name, then you
will appear as a foreign realm user to AFS, and you will get all sorts of
"permission denied" problems (like you're getting, and that's why I think
that's your problem).

--Ken