.. _serve-princ:

Service Principals
==================

We have a number of services that need to work with afs; those services need
service principals with appropriate permissions. To create a service principal,
make a :ref:`kerberos principal <kdc-instances>` as discussed at the link, then
run ``pts createuser system.username``. Then, adjust the acls for the files that
the service needs access to. You can do this as long as you have an *a* bit on
the file in question.