Hi, I've been trying to figure out if this is documented/expected behavior with openafs (1.4.11).
UserA has valid tokens and does not have access to directory /foo /foo has an acl giving group:bar all access (UserA is not part of this group) UserB adds UserA to group:bar UserA still can't access /foo until he does a ak5log (I think understand why this is the case) With the renewed tokens he is able to access /foo UserB removes UserA from group:bar UserA can still read from /foo and still write to it as well, and will continue to do so on each machine he has a session until his tokens expire (length of kerberos ticket, so upto 7 days) or does an ak5log/kinit himself. Can someone explain why the "writes" don't at least try to recheck the pts memberships? Thank you Oguzhan Eris _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info