[OpenAFS] (no subject)

Derrick J Brashear shadow@dementia.org
Tue, 11 Dec 2001 09:03:10 -0500 (EST)

On Tue, 11 Dec 2001, Charles Clancy wrote:

> > I am in the process of splitting the /afs/rhic cell in two different
> > cells: /afs/rhic and /afs/usatlas One of the challenges I face is the
> > migration of part of the users from the old /afs/rhic cell to the new
> > /afs/usatlas cell. Is anybody aware of a method that would allow me to
> > have these users migrated to the new cell so that their kerberos
> > credentials get preserved ? (Obviously, it's the afs passwords that I
> > need preserved...) Thanks !
> Method 1: Copy /usr/afs/db/kaserver.* to the new server, reconfigure the
> cell keys ('afs' user's key), then delete the excess users from each cell.

If you were using the afs (cell salted) string to key you'll rapidly
develop a hatred for yourself if you do this.

> Method 2: I'd think you could write a simple program to parse
> kaserver.DB0, pulling out the entries you wanted.  Check out
> src/afs2k5db.c from the AFS/Kerberos migration kit for some code that
> parses out individual ka records from kaserver.DB0.

Same here.

You could do something with a magic login program which understood the old
cell name and "changed" the password, but it's evil.