[OpenAFS] Manually Creating Cross Realm Users

Jayen Ashar jayen@science.unsw.edu.au
Thu, 14 Jun 2012 20:45:01 +1000


On Fri, Jul 25, 2003 at 12:59 AM, Derrick J Brashear
<shadow@dementia.org> wrote:
> On Wed, 23 Jul 2003, Chris McClimans wrote:
>
>> Can anyone explain why manually creating crossrealm users does not work
>> in either of the following methods? It seems to work fine if I
>> allow aklog to automatically create the user (and UID) and add them to
>> the crossrealm group.
>>
>> $ pts listmax
>> Max user id is 5000000 and max group id is -211.
>> $ pts createuser -name crossrealmuser@ttu.edu -id 1004
>> pts: argument illegal or out of range ; unable to create user
>> crossrealmuser@ttu.edu with id 1004
>
> you want this, and you don't get to specify an id in this range.
> "foreign" pts users get high bit(s) set to indicate they're foreign, iirc,
> but in any case begin with a high number and count up by some greater than
> 1 number.

Is there any chance this has changed in the last 9 years?  I can't use
an AFS service account in the other realm because it doesn't support
DES, and I can't change the [unix] UIDs that are already used in a lot
of places.  I tried specifying an id with the high bit (0x10000) set
(which some users have), but it gave me the same error.  Users are in
the range 10000000-29999999.

If I create [dummy] users which are not cross-realm (but have the same
name), can I get AFS to set the dummy user as the unix owner of a
file/directory when files are created?

Is it possible for a user outside system:administrators to chown/chgrp
files in AFS?

Thanks,
Jayen