[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenAFS trouble

Christopher Swingley <cswingle@iarc.uaf.edu> writes:

> Here'w what happens on the client machine (enemy):
>     cswingle@enemy:~$ tokens
>     Tokens held by the Cache Manager:
>     User's (AFS ID 1112) tokens for afs@frontier.iarc.uaf.edu
>     --End of list--

(Are your tokens expired?  When I run 'tokens', it includes an
expiration date:

{11} dmaze% tokens

Tokens held by the Cache Manager:

User's (AFS ID 2367) tokens for afs@sipb.mit.edu [Expires May 19 23:57]
User's (AFS ID 2367) tokens for afs@athena.mit.edu [Expires May 19 23:57]
   --End of list--

>     cswingle@enemy:~$ ls -al /afs/frontier/user/cswingle
>     ls: /afs/frontier/user/cswingle: Permission denied

Can you peek into things that don't have restrictive permissions?
Like, /afs/frontier is probably system:anyuser rl, can you ls there?
You could also conceivably have really bizarre things going on, like
your home directory having permissions set to an IP acl; you might try
'fs la /afs/frontier/user/cswingle' from the machine that works, but
it probalby won't say anything enlightening.

> What am I missing?  What did I forget to do in order to allow a client 
> to access a server's volumes?  Is there any useful documentation out 
> there?  I've looked at the IBM documentation, but it is filled with 
> commands that I don't have (uss, package, kas, etc.).

...yeah, I've never used any of those; wisdom around MIT seems to be
that you probably never want to use kaserver, since a "real" KDC and
krb524d provide the same functionality.

David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to: