[OpenAFS] Fileserver doesn't recognise host-principals
Thu, 04 Sep 2008 14:48:16 -0700
Frank Burkhardt <firstname.lastname@example.org> writes:
> On Wed, Sep 03, 2008 at 10:34:18AM -0700, Russ Allbery wrote:
>> AFS uses K4 principal naming, so the PTS ID has to be rcmd.somehost.
>> AFS will map host/somehost.your.domain to rcmd.somehost internally
>> before checking ACLs.
> Thank you - that was the problem. Is there any reason for this "anomaly"?
It was done so that existing sites with host-based ACLs wouldn't have to
change their principal naming when moving from Kerberos v4 to Kerberos v5.
> Is it possible to disable it?
Not without source code modifications.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>