[OpenAFS] Fileserver doesn't recognise host-principals

Russ Allbery rra@stanford.edu
Thu, 04 Sep 2008 14:48:16 -0700

Frank Burkhardt <fbo2@gmx.net> writes:
> On Wed, Sep 03, 2008 at 10:34:18AM -0700, Russ Allbery wrote:

>> AFS uses K4 principal naming, so the PTS ID has to be rcmd.somehost.
>> AFS will map host/somehost.your.domain to rcmd.somehost internally
>> before checking ACLs.

> Thank you - that was the problem. Is there any reason for this "anomaly"?

It was done so that existing sites with host-based ACLs wouldn't have to
change their principal naming when moving from Kerberos v4 to Kerberos v5.

> Is it possible to disable it?

Not without source code modifications.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>