[OpenAFS-devel] Re: Testing: how to generate random valid KeyFile without kerberos

[Andrew Deason]

On Sun, 16 Sep 2012 23:01:48 -0500
Troy Benjegerdes <hozer@hozed.org> wrote:

> I'm attempting to automate creation of a new cell in a VM,
> and I'd like to be able to create a random KeyFile without ever
> using Kerberos.
> 
> I can't seem to get it to work right (bos communications fail),
> so I'm wondering if someone has a working example of this.

In addition to the other replies...

The ktutil from MIT kerberos can create a keytab locally from a password
you give it. This technically is not "without kerberos", but it doesn't
require a kerberos _infrastructure_; just the ktutil program. In ktutil,
you can probably run addent -password -p afs -k 2 -e des-cbc-crc, then
write the keytab, and use 'asetkey' to convert the keytab.

I'm not sure if that's best, but it's one way.

-- 
Andrew Deason
adeason@sinenomine.net