[OpenAFS] Why do I get "pts: Permission denied" ??

Simon Wilkinson simonxwilkinson@gmail.com
Mon, 23 Apr 2012 13:12:54 +0100

On 23 Apr 2012, at 12:59, Stefan Michael Guenther wrote:

> Hi,
> our system is a Heimdal Kerberos together with an OpenAFS on a =
Ubuntu 11.10.
> My first attempt was to add myself to the group of administrators:
> root@intranet:~#  pts adduser stefan system:administrators -cell =
in-put.de -noauth
> pts: Permission denied ; unable to add user stefan to group =

-noauth means "Make the connection to the ptserver without any =
authentication at all". It will only work if the ptserver is running in =
NoAuth mode (which you do by starting the bosserver with the -noauth =

You're getting this error because, in normal operation, the anonymous =
user doesn't have permission to create users or groups.

> root@intranet:~# aklog -d
> Authenticating to cell in-put.de (server intranet.in-put.de).
> Trying to authenticate to user's realm IN-PUT.DE.
> Getting tickets: afs/in-put.de@IN-PUT.DE
> Using Kerberos V5 ticket natively
> Identical tokens already exist; skipping.
> root@intranet:~# tokens
> Tokens held by the Cache Manager:
> User's (AFS ID 1) tokens for afs@in-put.de [Expires Apr 23 23:31]
>   --End of list--
> Why am I not allowed to add a new user or group?

Does it work if you try these commands without the -noauth flag?