[OpenAFS] [SOLVED] permissions of administrator

Jayen Ashar jayen@science.unsw.edu.au
Sun, 10 Jun 2012 21:06:38 +1000


I wiped everything and started over (which I did a few times).  I'm
not sure what I did differently this time.  It was either
/etc/openafs/server/krb.conf had something wrong in it, or the keytab
was des-cbc-crc and not des-cbc-crc:v4.  Anyway, I now have a
cross-realm setup working without DES on the users' realm.

Thanks,
Jayen

On Sun, Jun 10, 2012 at 8:28 PM, Simon Wilkinson
<simonxwilkinson@gmail.com> wrote:
>
> On 10 Jun 2012, at 06:41, M=E5ns Nilsson wrote:
>>> =A0can get tokens, and [I believe] I
>>> am a superuser, but I seem to have very few permissions.
>>
>> Is jayen.admin listed in the UserList file?
>
> Firstly, the UserList doesn't affect the behaviour of the ptserver. It de=
termines the user's permissions purely through the set of groups that it ma=
nages (the only use it makes of the UserList is determining whether a user =
can enable and disable RX statistics for the server).
>
> So it's not that, although the UserList does appear to be configured corr=
ectly.
>
> To be honest, I've never seen this failure mode before, so I'm a little s=
tumped. To start with, could you provide the command line that ptserver is =
running with, and the output from
>
> pts examine system:administrator -localauth
>
> Then, could you restart the ptserver and add '-d 125' to the command line=
, and try the failing pts mem again. This should put some debug output into=
 the PtLog file, which it would be useful to have a look at.
>
> Thanks,
>
> Simon.
>
>