[OpenAFS] cross-realm afs client access

Derek Atkins warlord@MIT.EDU
Wed, 01 Sep 2004 22:13:12 -0400 

Do you have a system:authuser@cs.umd.edu group in the csic.umd.edu
cell?

-derek

"Derek T. Yarnell" <derek@cs.umd.edu> writes:

> Alright I have two kerberos realms CS.UMD.EDU and CSIC.UMD.EDU.
> CSIC.UMD.EDU has a afs cell with the same name.
>
> I am using all the same CellServDB files with the CSIC and CS realms.
>
> [derek@macdonald users]$ klist
> Ticket cache: FILE:/tmp/krb5cc_2174_Qu251L
> Default principal: derek@CS.UMD.EDU
>
> Valid starting     Expires            Service principal
> 08/30/04 10:21:27  09/01/04 10:21:27  krbtgt/CS.UMD.EDU@CS.UMD.EDU
>         renew until 09/01/04 10:21:27
> 08/30/04 10:21:31  09/01/04 10:21:27  krbtgt/CSIC.UMD.EDU@CS.UMD.EDU
>         renew until 09/01/04 10:21:27
> 08/30/04 10:21:31  08/30/04 20:21:31  afs/csic.umd.edu@CSIC.UMD.EDU
>         renew until 08/30/04 10:21:31
>
> [derek@macdonald users]$ aklog -d
> Authenticating to cell csic.umd.edu (server queasy.csic.umd.edu).
> We've deduced that we need to authenticate to realm CSIC.UMD.EDU.
> Getting tickets: afs/csic.umd.edu@CSIC.UMD.EDU
> About to resolve name derek@CS.UMD.EDU to id in cell csic.umd.edu.
> Id 32766
> doing first-time registration of derek@cs.umd.edu at csic.umd.edu
> aklog: Badly formed name (group prefix doesn't match owner?) so unable
> to create remote PTS user derek@cs.umd.edu in cell csic.umd.edu (status:
> 267272).
> Set username to derek@cs.umd.edu
> Setting tokens. derek@cs.umd.edu /  @ CS.UMD.EDU 
>
> When I try to create a user in the csic realm with the whole name it
> doesn't work either,
>
> [derek@queasy derek]# pts createuser -name derek@cs.umd.edu -id 217400
> pts: Badly formed name (group prefix doesn't match owner?) ; unable to
> create user derek@cs.umd.edu with id 217400 
>
> Personally I would like to not have users of username@cs.umd.edu in the
> CSIC realm/cell because everyone in CS that would access CSIC would have
> an account in both. Is there a way to map derek@cs.umd.edu to just
> derek?
>
> -- 
> Derek T. Yarnell
> UNIX System Administrator
> Computer Science Deparment
> University of Maryland
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available