Hello

This is in reply to your query about unauthenticated examination of an AFS
user's group membership. The "pts setfield" command will enable what you are
looking for. The third flag, the "m", controls who can check the membership of
that user. A "-" means only the user can, and an "M" means anyone can. The
following shows an example:

    % pts examine adamsonID
    Name: adamsonid, id: 5851, owner: system:administrators, creator: adamson,
    membership: 1, flags: S----, group quota: 20.

Notice in the flags "S----" that the third flag is a "-". An unauthenticated
access will fail:

    % unlog
    % pts mem adamsonID
    libprot: no such entry Could not get afs tokens, running unauthenticated.
    pts: Permission denied ; unable to get membership of adamsonid (id: 5851)

Now I'll set the "M" flag for the user. See page 6-36 of the AFS Command
Reference:

    % klog
    Password:
    % pts setfield adamsonID -access S-M--
    % pts examine adamsonID
    Name: adamsonid, id: 5851, owner: system:administrators, creator: adamson,
    membership: 1, flags: S-M--, group quota: 20.

Now I make another unauthenticated access:

    % unlog
    % pts mem adamsonID
    libprot: no such entry Could not get afs tokens, running unauthenticated.
    Groups adamsonid (id: 5851) is a member of:
    pe

The command succeeded because the M flag was set. Hope this helps.

-Mark Adamson
AFS Product Engineering
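
An added example, not part of the original message: a shell function that reads saved "pts examine" output and lists the entries whose third flag is "M", that is, whose membership can be listed without authentication as shown above. The function names and the sample entries (alice, bob, carol) are constructed for illustration.

```shell
#!/bin/sh
# Audit saved "pts examine" output (stdin) for entries whose membership
# flag, the third of the five flags, is "M" (anyone may list membership).

world_readable_membership() {
    awk '
        # A record starts at "Name:" and may be wrapped onto a second line,
        # as in the session above, so collect lines until "flags:" is seen.
        /^Name: /          { rec = $0; have = 1 }
        !/^Name: / && have { rec = rec " " $0 }
        have && rec ~ /flags: [^,]*,/ {
            name = rec
            sub(/^Name: /, "", name); sub(/,.*/, "", name)
            flags = rec
            sub(/.*flags: /, "", flags); sub(/,.*/, "", flags)
            # Report only well-formed five-character flag strings with "M".
            if (length(flags) == 5 && substr(flags, 3, 1) == "M")
                print name
            have = 0
        }
    '
}

# Constructed sample input: three entries, one of them wrapped across lines.
sample_examine_output() {
    cat <<'EOF'
Name: alice, id: 1001, owner: system:administrators, creator: admin, membership: 2, flags: S----, group quota: 20.
Name: bob, id: 1002, owner: system:administrators, creator: admin,
membership: 1, flags: S-M--, group quota: 20.
Name: carol, id: 1003, owner: system:administrators, creator: admin, membership: 0, flags: S-M--, group quota: 20.
EOF
}

# Stand-alone run: prints the names exposed to unauthenticated "pts mem".
sample_examine_output | world_readable_membership
```

An entry reported here can be returned to the restricted setting with the same command used in the message, giving "-access S----" instead of "-access S-M--".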