.. _serve-princ: Service Principals ================== We have a number of services that need to work with afs; those services need service principals with appropriate permissions. To create a service principal, make a :ref:`kerberos principal ` as discussed at the link, then run ``pts createuser system.username``. Then, adjust the acls for the files that the service needs access to. You can do this as long as you have an *a* bit on the file in question.