[OpenAFS] Usernames in pts

Russ Allbery rra@stanford.edu
Wed, 01 Aug 2007 03:20:45 -0700

Mikkel Kruse Johnsen <mikkel@linet.dk> writes:

> All of this is checked. If I do the same with a user not containing a
> dot "root@CBS.DK" then it works. So it is because there is a dot in my
> name.

You're being bitten by the code that tries to convert Kerberos v5
principal names to the Kerberos v4 convention used by AFS.

     * If the first part of the name_string contains a dot, punt since
     * then we can't see the diffrence between the kerberos 5
     * principals foo.root and foo/root later in the fileserver.
    if (strchr(decr_part.cname.name_string.val[0], '.') != NULL)
        goto bad_ticket;

(rxkad/ticket5.c).  I'm afraid you might be out of luck, at least with the
current version of AFS, unless you patch this code and remove this check
in your file servers.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>