[OpenAFS] Any way to create srvtabs for use with kaserver...

Eric Knudstrup eric@knudstrup.org
Sat, 02 Mar 2002 19:20:34 -0800 (PST)

So, could I use KAM_GetRandomKey(), use that for KAM_CreateUser(), then save
EncryptionKey/struct ktc_encryptionKey off in a -r-------- file?
Then I'm assuming I could use ka_Authenticate, or is there a better function?
I had another question.  Is there a function that will give me a PAG?
The API reference PDF is pretty vague...


Quoting Marcus Watts <mdw@umich.edu>:

> Eric Knudstrup <eric@knudstrup.org> writes:
> > Subject: [OpenAFS] Any way to create srvtabs for use with
> kaserver...
> > Date: Thu, 28 Feb 2002 00:55:02 -0800 (PST)
> >
> > without upgrading to Heimdal or MIT kdc (I have set up a system once
> like that
> > and decided I wanted to stay with the stock kaserver)?
> Sure.  couple choices:
> (1) use some version of ksrvutil that asks for a password, and make
> sure you use the same (hopefully long random) password to make
> the principal using kas.
> (2) build a copy of kaserver that understands "getkey", then write
> an application that calls "getkey" and saves the result in a
> srvtab.  Note: application must run on kdc, & this only works
> with empty instances
> (3) write something that rummages through the kadatabase directly.
> doable, but messy.
> (4) write a variation of "kpasswd" that resets the password to
> something
> random, then saves it into a file.  Generate the principal using
> kas, then use your utility.  The utility could also create the
> principal & set a random key all in one go.
> (5) use kas to set the pw to a known value.  Then use the
> "stringtokey"
> function in kas to convert that same pw to a key.  Use perl to convert
> the key to a srvtab.
	-Marcus Watts
	UM ITCS Umich Systems Group

----- End forwarded message -----