[OpenAFS] Puzzler: lack of access to AFS files

John Hascall john@iastate.edu
Sat, 15 Dec 2007 20:20:37 CST

> I'm presuming the problem is that the ticket inside of the
> token has sysadmin/asw.iastate.edu@IASTATE.EDU inside of it
> even though aklog was able to convert that to sysadmin.asw
> and thus correctly to the 'AFS ID 99940' (which is sysadmin.asw
> in the pts db).
> Would it work to modify the KDC such that when it hands out
> an afs/<cell>@REALM ticket for a TGT with a client name that
> is in the sconv table (like my sysadmin/asw.iastate.edu@IASTATE.EDU)
> that it 'K4-izes' that name (to sysadmin/asw in this case) in the
> returned ticket?  (Thus obviating the need to futz with the code
> on every AFS server.)
> Or is that just too hideous?

Well, on the very-off-chance that anyone else wants it,
I will announce that I have made this work.  Anyone is
welcome to it, with absolutely no warranty, of course :)