[OpenAFS] (no subject)

Charles Clancy security@xauth.net
Tue, 11 Dec 2001 02:26:34 -0600 (CST)


> I am in the process of splitting the /afs/rhic cell in two different
> cells: /afs/rhic and /afs/usatlas One of the challenges I face is the
> migration of part of the users from the old /afs/rhic cell to the new
> /afs/usatlas cell. Is anybody aware of a method that would allow me to
> have these users migrated to the new cell so that their kerberos
> credentials get preserved ? (Obviously, it's the afs passwords that I
> need preserved...) Thanks !

Method 1: Copy /usr/afs/db/kaserver.* to the new server, reconfigure the
cell keys ('afs' user's key), then delete the excess users from each cell.

Method 2: I'd think you could write a simple program to parse
kaserver.DB0, pulling out the entries you wanted.  Check out
src/afs2k5db.c from the AFS/Kerberos migration kit for some code that
parses out individual ka records from kaserver.DB0.

How would one then put these into the kaserver.DB0 on the new cell?  I
imaging simply appending to the file wouldn't work -- would you need to
update the header information too?  What if you created a new dummy
account, and then simply overwrote it's ka entry directly with the one
pulled from the other file?

Oh -- I suppose you might want to do something similar your protection
database prdb.* too.

--
t. charles clancy <> tclancy@uiuc.edu <> www.uiuc.edu/~tclancy