[OpenAFS] Debian - openafs -noauth problems

Madhusudan Singh singh.madhusudan@gmail.com
Fri, 19 Aug 2005 21:42:55 -0400


Hi

	Thanks for your response.

On Friday 19 August 2005 4:10 pm, Russ Allbery wrote: 

> Madhusudan Singh <singh.madhusudan@gmail.com> writes:
> > omega:~# tokens
> >
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 2) tokens for afs@omega.domain.edu [Expires Aug 13 01:18]
> >    --End of list--
> >
> > omega:~# fs setacl /afs system:anyuser rl
> > fs: You don't have the required access rights on '/afs'
>
> This is a very basic question, but is PTS ID 2 the user who's in
> system:administrators?
>
> What is the output of the following commands?
>
>     pts membership system:administrators

Without tickets and tokens, as root :

libprot: a pioctl failed Could not get afs tokens, running unauthenticated.
Members of system:administrators (id: -204) are:
  zzzz

(The admin account).

>     pts exam 2

omega:~# pts exam 2
libprot: a pioctl failed Could not get afs tokens, running unauthenticated.
Name: zzzz, id: 2, owner: system:administrators, creator: anonymous,
  membership: 1, flags: S----, group quota: unlimited.

>
> I would have expected PTS ID 1 to be the user in system:administrators,
> but possibly not.  You need to authenticate as a user in that group in
> order to be able to change the initial ACL on /afs.
>

It is 2 because I had initially created "admin" as the administrative user. In 
this realm A, cell B setup, that led to an impossible situation. So, I had to 
delete it, and create zzzz as the admin user.

> Note again that, if using Debian, it's much easier to just use the
> afs-newcell and afs-rootvol scripts.

I am using Debian, but am trying to get familiar with the setup. Further, if 
the manual attempt to create ACL's on /afs does not work, there is no reason 
to suppose that the script will work either (it probably invokes the same 
commands).

With regards,

MS