[OpenAFS] Is the 'admin' account required?

Derek Atkins warlord@MIT.EDU
Mon, 14 Jun 2004 12:08:42 -0400


You do not need an account named "admin" -- it's just a convention
created by Transarc/IBM, but not one that needs to be followed.  At
MIT we just use kerberos instances for administrator accounts, e.g.
"warlord.root" vs. "warlord".

The key point is that system:adminstrators (and bosserver SUsersList)
need to contain real accounts that can authenticate.  Creating an
'admin' account is one way to achieve this.  There are many others.
Choose whichever makes sense for your site.

-derek

Evan Anderson <argent@Dartmouth.EDU> writes:

> I've been hunting over the OpenAFS documentation, and I'm looking for
> confirmation (or denial) of the necessity of having an account named
> 'admin'.  As far as I can tell, this account need not exist; (or, in
> our case, be enabled) it is just a convention.
>
> I'm migrating from kaserver to MIT Kerberos 5, and one of my goals is
> to clean up the administrative access to the Kerberos 5 accounts.  So
> far, I haven't found a need for it, but I want to make sure I won't
> need it before I consign it to the dust-bin.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available