[OpenAFS] Any way to create srvtabs for use with kaserver...

Marcus Watts mdw@umich.edu
Thu, 28 Feb 2002 04:48:29 -0500


Eric Knudstrup <eric@knudstrup.org> writes:
> Subject: [OpenAFS] Any way to create srvtabs for use with kaserver...
> Date: Thu, 28 Feb 2002 00:55:02 -0800 (PST)
> 
> without upgrading to Heimdal or MIT kdc (I have set up a system once like that
> and decided I wanted to stay with the stock kaserver)?

Sure.  couple choices:
(1) use some version of ksrvutil that asks for a password, and make
sure you use the same (hopefully long random) password to make
the principal using kas.

(2) build a copy of kaserver that understands "getkey", then write
an application that calls "getkey" and saves the result in a
srvtab.  Note: application must run on kdc, & this only works
with empty instances

(3) write something that rummages through the kadatabase directly.
doable, but messy.

(4) write a variation of "kpasswd" that resets the password to something
random, then saves it into a file.  Generate the principal using
kas, then use your utility.  The utility could also create the
principal & set a random key all in one go.

(5) use kas to set the pw to a known value.  Then use the "stringtokey"
function in kas to convert that same pw to a key.  Use perl to convert
the key to a srvtab.

			-Marcus Watts
			UM ITCS Umich Systems Group