On Tue, 19 Jul 2011 13:52:08 -0400 "Danko Antolovic" <danto...@indiana.edu> wrote:
> [root@afs1c afs]# pts adduser -user dantolov -group system:authu...@iu.edu > -noauth No, don't do this. In your setup, the _only_ user that will be recognized as "dantolov" is someone that authenticates with the principal danto...@resource.net, which, if I understand correctly, does not exist, so there should not be a user called "dantolov" at all. The user that authenticates via the kerberos principal danto...@iu.edu will have the AFS PT name "danto...@iu.edu" if IU.EDU is not in krb.conf. > Predictably, when I authenticate as a foreign user (via trust), I can't > touch the files in /afs/afs1.bedrock.iu.edu aklog is supposed to automatically create the user danto...@iu.edu and add it to system:authu...@iu.edu for you; you don't need to do it yourself. Does danto...@iu.edu exist? What does aklog say when you give it the -d option when you authenticate with danto...@iu.edu ? -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info