[OpenAFS] admin password change

Derrick J Brashear shadow@dementia.org
Mon, 25 Feb 2002 15:35:00 -0500 (EST)

On Mon, 25 Feb 2002, Michael Aldrich wrote:

> Hi,
> Is it possible to change the 'admin' password without knowing the original password? The only other login in UserList does not have privileges to change the admin password. Problem is, the person who set up our AFS servers has since left the company, taking the admin password with him. I tried to change it using steps provided at http://www.transarc.ibm.com/Support/afs/admin/cellname.html, with no luck. This server is running the Transarc version. I was able to change the admin password using the OpenAFS version in a test environment....
bos shutdown the kaserver on all your db server machines. 

make a copy of the kaserver.DB0 files just in case

bos setauth -authrequired no on each db server
bos start the kaserver on each dbserver
kas -adm foo
(type any password)
setpass admin
(type any password when prompted for foo's password, then type admin's
new password twice)

bos setauth -authrequired yes on each dbserver

be paranoid and bos restart everything on the dbservers


don't even think of doing this on an untrusted net