[OpenAFS] (no subject)
Derrick J Brashear
shadow@dementia.org
Tue, 11 Dec 2001 09:03:10 -0500 (EST)
On Tue, 11 Dec 2001, Charles Clancy wrote:
> > I am in the process of splitting the /afs/rhic cell in two different
> > cells: /afs/rhic and /afs/usatlas One of the challenges I face is the
> > migration of part of the users from the old /afs/rhic cell to the new
> > /afs/usatlas cell. Is anybody aware of a method that would allow me to
> > have these users migrated to the new cell so that their kerberos
> > credentials get preserved ? (Obviously, it's the afs passwords that I
> > need preserved...) Thanks !
>
> Method 1: Copy /usr/afs/db/kaserver.* to the new server, reconfigure the
> cell keys ('afs' user's key), then delete the excess users from each cell.
If you were using the afs (cell salted) string to key you'll rapidly
develop a hatred for yourself if you do this.
> Method 2: I'd think you could write a simple program to parse
> kaserver.DB0, pulling out the entries you wanted. Check out
> src/afs2k5db.c from the AFS/Kerberos migration kit for some code that
> parses out individual ka records from kaserver.DB0.
Same here.
You could do something with a magic login program which understood the old
cell name and "changed" the password, but it's evil.
-D