Store AFS cell configuration at authz.afs.cells instead of just

[invirt/packages/invirt-base.git] / python / invirt / authz / locker.py

diff --git a/python/invirt/authz/locker.py b/python/invirt/authz/locker.py
index cf33d5e..cbfc28a 100644 (file)
--- a/python/invirt/authz/locker.py
+++ b/python/invirt/authz/locker.py
@@ -58,7 +58,7 @@ def expandAdmin(name, owner):
     administrator is always interpreted as an AFS entry (either a user
     or a group) in the home cell (athena.mit.edu for XVM).
     """
-    cell = config.authz.cells[0].cell
+    cell = config.authz.afs.cells[0].cell
     auth = _authenticate(cell)
     return _expandGroup(name, cell=cell, auth=auth)
 
@@ -84,7 +84,7 @@ def _authenticate(cell):
     which authenticate directly against the machine's home realm and
     cells distantly related to the machine's home realm.
     """
-    for c in config.authz.cells:
+    for c in config.authz.afs.cells:
         if c.cell == cell and not c.auth:
             return False
 
@@ -110,7 +110,8 @@ def _expandGroup(name, cell=None, auth=False):
     to retrieve its membership, we assume it's empty.
     """
     try:
-        ent = pts.PTS(cell, 3 if auth else 0).getEntry(name)
+        ent = pts.PTS(cell, pts.PTS_ENCRYPT if auth else pts.PTS_UNAUTH).\
+            getEntry(name)
         if ent.id > 0:
             return set([ent.name])
         else: