[OpenAFS-devel] Re: Testing: how to generate random valid KeyFile without kerberos

Derrick Brashear shadow@gmail.com
Mon, 17 Sep 2012 23:13:38 -0400


On Mon, Sep 17, 2012 at 6:45 PM, Andrew Deason <adeason@sinenomine.net> wrote:
> On Sun, 16 Sep 2012 23:01:48 -0500
> Troy Benjegerdes <hozer@hozed.org> wrote:
>
>> I'm attempting to automate creation of a new cell in a VM,
>> and I'd like to be able to create a random KeyFile without ever
>> using Kerberos.
>>
>> I can't seem to get it to work right (bos communications fail),
>> so I'm wondering if someone has a working example of this.
>
> In addition to the other replies...
>
> The ktutil from MIT kerberos can create a keytab locally from a password
> you give it. This technically is not "without kerberos", but it doesn't
> require a kerberos _infrastructure_; just the ktutil program. In ktutil,
> you can probably run addent -password -p afs -k 2 -e des-cbc-crc, then
> write the keytab, and use 'asetkey' to convert the keytab.
>
> I'm not sure if that's best, but it's one way.

And at that point, depending on your Kerberos libraries, you can even
generate tokens from the keytab, assuming the API needed for
kimpersonate is found. (aklog will then be built with support for doing
so, for the purpose of running tests.)



-- 
Derrick
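
The ktutil and asetkey steps described in the thread, scripted for an automated test-cell build. This is an added example, not code from the original posts or from OpenAFS. The function names, the random-password step, and the keytab path are assumptions, as is the expectation that ktutil reads the password answer from stdin and that krb5.conf supplies a default realm for the bare "afs" principal.

```shell
#!/bin/sh
# Added example for a throwaway test cell; function names and paths are hypothetical.

# Random password from the kernel CSPRNG, hex-encoded (64 characters) so it
# can be piped to ktutil as a single line with no shell metacharacters.
gen_password() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit the command stream ktutil reads on stdin: the addent line from the
# thread, the password answering its prompt, then write the keytab and quit.
# Arguments: $1 principal, $2 kvno, $3 password, $4 keytab path
ktutil_script() {
    printf 'addent -password -p %s -k %s -e des-cbc-crc\n%s\nwkt %s\nquit\n' \
        "$1" "$2" "$3" "$4"
}

# Build the keytab locally, then convert it into the server KeyFile.
# Arguments: $1 principal, $2 kvno, $3 keytab path
# Run as root on the server, since asetkey writes the cell's KeyFile.
make_keyfile() {
    command -v ktutil  >/dev/null 2>&1 || { echo "ktutil not found" >&2; return 2; }
    command -v asetkey >/dev/null 2>&1 || { echo "asetkey not found" >&2; return 2; }
    umask 077                      # keytab must not be world-readable
    rm -f "$3"                     # wkt appends, so start from an empty file
    # The password is never stored; only the derived key lands in the keytab.
    ktutil_script "$1" "$2" "$(gen_password)" "$3" | ktutil >/dev/null || return 1
    asetkey add "$2" "$3" "$1" || return 1
    asetkey list                   # show the kvno now present in the KeyFile
}

# Usage, with kvno 2 as in the thread:
#   make_keyfile afs 2 /tmp/afs.keytab
```

Remove the intermediate keytab once asetkey has run unless the tests also need it to generate tokens.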