[OpenAFS] User write access to AFS filespace denied

Thu, 25 Aug 2005 18:33:38 +0200

* Konstantin Boyanov [2005-08-25 17:56:41 +0200]:
> I have a running AFS client on a PowerPC machine,

Under what operating system? Choices include Linux, various BSDs
(Mac OS X is among them), maybe AIX...

>                                                  and I can acces the AFS 
> filespace of the home cell when I'm logged on the PowerPC. The problem is 
> that I cannot make any changes to the files in that filespace (like, for 
> example editing and creating files, creating dorectories etc.), while this 
> is possible from other machines on the cell. I mean, from the PowerPC I can 
> access the AFS filespace only whit a local account, and not with a true AFS 
> account (in fact I cannot login with a valid AFS account on that machine 
> yet...). Does anybody have any idea what could be wrong so this problem 
> occurs?

1. Does your AFS cell use Kerberos 5 authentication, or is it still
   V4-based? If it uses Kerberos 5, your first task is to get that
   to work. kinit <your_principal> and see (with klist) what tickets you
   get.
2. If using Kerberos 5, you may need to install (and run) aklog or an
   equivalent tool (afslog, gssklog, etc.) Otherwise try the klog that
   came with your AFS distribution. On Mac OS X, install the appropriate
   .loginLogout plugin into /Library/Kerberos\ Plug-Ins/ in order for
   kinit (and later loginWindow) to get AFS tokens on login.
3. Use the tokens command to check whether you've got a token. If you
   have, test its validity by issuing a pts command (e.g.,
   pts examine <your_afs_uid>).