[OpenAFS] OpenAFS disallows principals with dots in them, was: Re: [OpenAFS] New setup. Strange permission denied! For *some* of my users. :(

Michael Joyner ᏩᏯ mjoyner@vbservices.net
Sat, 09 May 2009 19:11:34 -0400 

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig79945604AA402BDE588AAC5D
Content-Type: multipart/alternative;
 boundary="------------010202020601090700000700"

This is a multi-part message in MIME format.
--------------010202020601090700000700
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Simon Wilkinson wrote:
>
> There is no inheritance. You'll have to change the command line
> options for them all. Note also that the correct option, in all cases
> is the plural one I gave you. Some of the man pages incorrectly list
> it in the singular.
>
> S.
>
Ok, I did a grep 'allow-dotted-principals' on the binaries in
/usr/lib/openafs/, for those that showed up, I added the option to the
appropriate entry in BosConfig. I should be able to find out Monday if
the problem is definitely gone. :)
------------------------------------------------------------------------

restarttime 16 0 0 0 0
checkbintime 3 0 5 0 0
bnode simple ptserver 1
parm /usr/lib/openafs/ptserver -allow-dotted-principals
end
bnode simple vlserver 1
parm /usr/lib/openafs/vlserver -allow-dotted-principals
end
bnode fs fs 1
parm /usr/lib/openafs/fileserver -p 23 -busyat 600 -rxpck 400 -s 1200 -l
1200 -cb 65535 -b 240 -vc 1200 -allow-dotted-principals
parm /usr/lib/openafs/volserver -allow-dotted-principals
parm /usr/lib/openafs/salvager
end
~=20
------------------------------------------------------------------------
       =20
I also created an /etc/default/openafs-fileserver file and put in:

DAEMON_ARGS=3D"-allow-dotted-principals"

------------------------------------------------------------------------

When I do a grep for anything that is *ver, I now get:

root@afs01:/etc/default# ps ax|grep ver
 4422 ?        S      0:00 [afs_checkserver]
14656 ?        Ss     0:00 /usr/sbin/bosserver -allow-dotted-principals
14657 ?        S      0:00 /usr/lib/openafs/ptserver
-allow-dotted-principals
14658 ?        S      0:00 /usr/lib/openafs/vlserver
-allow-dotted-principals
14659 ?        S<l    0:00 /usr/lib/openafs/fileserver -p 23 -busyat 600
-rxpck 400 -s 1200 -l 1200 -cb 65535 -b 240 -vc 1200
-allow-dotted-principals
14662 ?        Sl     0:00 /usr/lib/openafs/volserver
-allow-dotted-principals
14711 pts/1    R+     0:00 grep ver

--=20
LyX: http://www.lyx.org/ OpenOffice: http://www.openoffice.org/
Inkscape: http://www.inkscape.org/ Scribus: http://www.scribus.net/
GIMP: http://www.gimp.org/ PDF: http://www.pdfforge.org/


--------------010202020601090700000700
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content=3D"text/html;charset=3DUTF-8" http-equiv=3D"Content-Type"=
>
</head>
<body bgcolor=3D"#ffffff" text=3D"#000000">
Simon Wilkinson wrote:
<blockquote
 cite=3D"mid:20090509204210.e9af0to7kco8osck@www.staffmail.ed.ac.uk"
 type=3D"cite"><br>
There is no inheritance. You'll have to change the command line options
for them all. Note also that the correct option, in all cases is the
plural one I gave you. Some of the man pages incorrectly list it in the
singular.
  <br>
  <br>
S.
  <br>
  <br>
</blockquote>
Ok, I did a grep 'allow-dotted-principals' on the binaries in
/usr/lib/openafs/, for those that showed up, I added the option to the
appropriate entry in BosConfig. I should be able to find out Monday if
the problem is definitely gone. :) <br>
<hr size=3D"2" width=3D"100%"><br>
<tt>restarttime 16 0 0 0 0<br>
checkbintime 3 0 5 0 0<br>
bnode simple ptserver 1<br>
parm /usr/lib/openafs/ptserver -allow-dotted-principals<br>
end<br>
bnode simple vlserver 1<br>
parm /usr/lib/openafs/vlserver -allow-dotted-principals<br>
end<br>
bnode fs fs 1<br>
parm /usr/lib/openafs/fileserver -p 23 -busyat 600 -rxpck 400 -s 1200
-l 1200 -cb 65535 -b 240 -vc 1200 -allow-dotted-principals<br>
parm /usr/lib/openafs/volserver -allow-dotted-principals<br>
parm /usr/lib/openafs/salvager<br>
end<br>
~=C2=A0 <br>
</tt>
<hr size=3D"2" width=3D"100%"><tt>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0 <br>
</tt>I also created an /etc/default/openafs-fileserver file and put in:<b=
r>
<br>
<tt>DAEMON_ARGS=3D"-allow-dotted-principals"<br>
<br>
</tt>
<hr size=3D"2" width=3D"100%"><tt><br>
</tt>When I do a grep for anything that is *ver, I now get:<br>
<br>
<tt>root@afs01:/etc/default# ps ax|grep ver<br>
=C2=A04422 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 S=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 0:00 [afs_checkserver]<br>
14656 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Ss=C2=A0=C2=A0=C2=A0=C2=
=A0 0:00 /usr/sbin/bosserver -allow-dotted-principals<br>
14657 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 S=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0 0:00 /usr/lib/openafs/ptserver
-allow-dotted-principals<br>
14658 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 S=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0 0:00 /usr/lib/openafs/vlserver
-allow-dotted-principals<br>
14659 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 S&lt;l=C2=A0=C2=A0=C2=A0=
 0:00 /usr/lib/openafs/fileserver -p 23 -busyat
600 -rxpck 400 -s 1200 -l 1200 -cb 65535 -b 240 -vc 1200
-allow-dotted-principals<br>
14662 ?=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Sl=C2=A0=C2=A0=C2=A0=C2=
=A0 0:00 /usr/lib/openafs/volserver
-allow-dotted-principals<br>
14711 pts/1=C2=A0=C2=A0=C2=A0 R+=C2=A0=C2=A0=C2=A0=C2=A0 0:00 grep ver<br=
>
<br>
</tt>
<pre class=3D"moz-signature" cols=3D"72">--=20
LyX: <a class=3D"moz-txt-link-freetext" href=3D"http://www.lyx.org/">http=
://www.lyx.org/</a> OpenOffice: <a class=3D"moz-txt-link-freetext" href=3D=
"http://www.openoffice.org/">http://www.openoffice.org/</a>
Inkscape: <a class=3D"moz-txt-link-freetext" href=3D"http://www.inkscape.=
org/">http://www.inkscape.org/</a> Scribus: <a class=3D"moz-txt-link-free=
text" href=3D"http://www.scribus.net/">http://www.scribus.net/</a>
GIMP: <a class=3D"moz-txt-link-freetext" href=3D"http://www.gimp.org/">ht=
tp://www.gimp.org/</a> PDF: <a class=3D"moz-txt-link-freetext" href=3D"ht=
tp://www.pdfforge.org/">http://www.pdfforge.org/</a>
</pre>
</body>
</html>

--------------010202020601090700000700--

--------------enig79945604AA402BDE588AAC5D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoGDaYACgkQtX52dpJWQ8e5+wCfRo9WI0dU5YrT+vz0NzioXQiX
tpcAn2rsXU0XeoedkeUYDxZJle1agcq0
=HY6+
-----END PGP SIGNATURE-----

--------------enig79945604AA402BDE588AAC5D--