[OpenAFS-devel] Document for authenticating against MIT K5/krb524d ?
Derek Atkins
warlord@MIT.EDU
09 Jan 2002 15:01:29 -0500
Adam Thornton <adam@fsf.net> writes:
> This is a brand new cell and realm: there is no existing data to be
> migrated. So do I just need an afs@REALM principal on the KDC, and
I would suggest afs/cell@REALM instead of afs@REALM, but that's just
me.
> ka-forwarder in place on the OpenAFS machines? There are no preexisting
You don't necessarily need a ka-forwarder unless you really want one.
You can just use kinit/aklog (or the PAM equivalent), in which case
you don't need the ka-forwarder.
> keys or kvnos that I have; do I still need to create them with kaserver
> and then migrate them, or can I just create them on the KDC? Do I just
You can just create your AFS key on the KDC (make sure it is a 1des
key!), extract it into a keytab (once), use asetkey to create the
KeyFile, and then scp the KeyFile to all your servers.
> skip creating the kaserver with bos and instead create a ka-forwarder?
You definitely skip creating the kaserver with bos. And, as I
mentioned, you can skip the ka-forwarder unless you really feel you
want it. You don't need it.
> Adam
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
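
A check for the "make sure it is a 1des key" step, as an added example that is not part of the original message: it reads an extracted keytab and reports the kvno and enctype of the AFS principal before the key is handed to asetkey. It assumes the MIT keytab file format version 0x0502; the principal names, realm and all-zero key bytes in `SAMPLE` are constructed.

```python
import struct

# Kerberos enctype numbers that are single-DES ("1des") keys
DES_ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative length marks a deleted entry (hole)
            pos += -size
            continue
        rec, pos = data[pos:pos + size], pos + size

        def counted(o):                    # 16-bit length followed by that many bytes
            (n,) = struct.unpack_from(">H", rec, o)
            return rec[o + 2:o + 2 + n].decode(), o + 2 + n

        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, off = counted(2)
        comps = []
        for _ in range(ncomp):
            comp, off = counted(off)
            comps.append(comp)
        off += 8                           # skip name type (4) and timestamp (4)
        kvno, enctype, keylen = struct.unpack_from(">BHH", rec, off)
        off += 5 + keylen
        if len(rec) - off >= 4:            # optional 32-bit kvno overrides when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
    return entries

def check_afs_key(data, principal):
    """Return [(kvno, enctype name)] for principal; a name of None means not single-DES."""
    return [(k, DES_ENCTYPES.get(e)) for p, k, e in parse_keytab(data) if p == principal]

def _sample_entry(realm, comps, kvno, enctype, key):
    """Constructed test data: encode one keytab entry."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(s(c) for c in comps)
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed keytab: a single-DES AFS key and a des3-cbc-sha1 (enctype 16) AFS key
SAMPLE = (b"\x05\x02"
          + _sample_entry(b"EXAMPLE.ORG", [b"afs", b"example.org"], 3, 1, bytes(8))
          + _sample_entry(b"EXAMPLE.ORG", [b"afs", b"other.example.org"], 2, 16, bytes(24)))
```

The kvno it reports is the one asetkey needs when the key is added to the KeyFile.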