[OpenAFS] Administrators with a slash

Bobb Crosbie bobb.crosbie@cremeglobal.com
Tue, 10 Jan 2012 13:18:24 +0000


Thanks Guys, that seems to be the issue.

I now recall reading about the slash -> dot remapping in the docs, but I
had forgotten about it.

I think perhaps the tools might have done a better job of indicating that
there was a problem, and what it might be ?

If slashes are remapped to dots, then perhaps ``pts createuser'' should
issue a warning message if you try to create a user with a slash ?
As it stands (1.4.12 & 1.6.0), pts happily creates the user with the slash
and also includes it in the list of entries.

When running aklog, I believe it attempts to get tokens for the default
principal otherwise it doesn't get any tokens and/or just gets a token for
the anonymous user.
It might be nice if aklog indicated that this was happening.  Even ``aklog
-d'' doesn't really show much, apart from showing that I have been assigned
the ID 32766 of the anonymous user.

Is it necessary to have the anonymous user in pts ?
What's the best way to restrict anonymous access to our cell ?  We don't
need it.  Our data volumes don't have "anyuser" access, but I'm hesitant to
remove it from our root volumes.


Many Thanks again.

- bobb
