Thanks Guys, that seems to be issue. I now recall reading about the slash -> dot remapping in the docs, but I had forgotten about it.
I think perhaps the tools might have done a better job of indicating that there was a problem, and what it might be ? If slashes are remapped to dots, then perhaps ``pts createuser'' should issue a warning message if you try to create a user with a slash ? As it stands (1.4.12 & 1.6.0), pts happily creates the user with the slash and also includes it in the list of entries. When running aklog, I believe it attempts to get tokens for the default principle otherwise it doesn't get any tokens and/or just gets a token for the anonymous user. It might be nice if aklog indicated that this was happening. Even ``aklog -d'' doesn't really show much, apart from showing that I have been assigned the ID 32766 of the anonymous user. Is it necessary to have the anonymous user in pts ? What's the best way to restrict anonymous access to our cell ? We don't need it. Our data volumes don't have "anyuser" access, but I'm hesitant to remove it from our root volumes Many Thanks again. - bobb