[OpenAFS] Re: SuSe 9.0 &Heimdal.6
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 29 Dec 2003 13:55:02 -0500
On Wednesday, December 24, 2003 00:57:10 -0500 Derrick J Brashear
<shadow@dementia.org> wrote:
> On Tue, 23 Dec 2003, ted creedon wrote:
>
>> How does one verify the consistency of the AFS tokens/tickets vs KRB5?
>> Can one delete keys from the keyfiles and start anew?
>>
>
> The pts info is still entirely out of scope for what you're asking.
> You can delete the keyfiles and start over. The key and the kvno must
> match in the KeyFile and the KDC database. You should have no des3 key.
>
> It should be possible to write a tool to take a KeyFile and get a krb5
> ticket with the key. Maybe someday I'll get some free time.

(assuming Heimdal...)

    kinit --use-keytab --keytab=AFS:/usr/afs/etc/KeyFile afs/cell.name@REALM

Due to limitations in the 'AFS' keytab backend, this works only if your AFS
cell is keyed as afs/cell.name@REALM rather than afs@REALM, as is common in
cells that have been around for a while. Also, it is necessary for
/usr/afs/etc/ThisCell to exist, even if you did not compile OpenAFS with
--enable-transarc-paths.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
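
Added example, not part of the original message: a Python check of the kvno half of the rule quoted above (the key and the kvno must match in the KeyFile and the KDC database). It assumes the KeyFile is OpenAFS's on-disk `struct afsconf_keys` (a 32-bit big-endian count, then up to 8 entries of 32-bit kvno plus 8-byte DES key) and that the operator supplies the kvno the KDC reports for the afs principal; whether the key bytes themselves match is what the kinit command above tests. The function names and the sample KeyFile image are constructed for illustration.

```python
import struct

MAXKEYS = 8                      # AFSCONF_MAXKEYS in OpenAFS (assumed layout)
ENTRY = struct.Struct("!i8s")    # per key: 32-bit kvno, 8-byte DES key


def parse_keyfile(blob):
    """Return {kvno: key bytes} from raw KeyFile contents."""
    if len(blob) < 4:
        raise ValueError("KeyFile too short to hold a key count")
    (nkeys,) = struct.unpack_from("!i", blob, 0)
    if not 0 <= nkeys <= MAXKEYS:
        raise ValueError(f"implausible key count {nkeys}")
    if len(blob) < 4 + nkeys * ENTRY.size:
        raise ValueError("KeyFile truncated")
    keys = {}
    for i in range(nkeys):
        kvno, key = ENTRY.unpack_from(blob, 4 + i * ENTRY.size)
        keys[kvno] = key
    return keys


def odd_parity(key):
    """DES keys carry odd parity in every byte; a cheap sanity check."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def check_keyfile(blob, kdc_kvno):
    """List problems found; key material is never printed or returned."""
    keys = parse_keyfile(blob)
    problems = []
    if kdc_kvno not in keys:
        problems.append(f"KDC kvno {kdc_kvno} not in KeyFile (has {sorted(keys)})")
    for kvno, key in sorted(keys.items()):
        if not odd_parity(key):
            problems.append(f"kvno {kvno}: key bytes fail DES odd parity")
    return problems


def make_sample(entries):
    """Constructed test data: build a 100-byte KeyFile image."""
    body = b"".join(ENTRY.pack(k, key) for k, key in entries)
    return (struct.pack("!i", len(entries)) + body).ljust(4 + MAXKEYS * ENTRY.size, b"\0")


if __name__ == "__main__":
    sample = make_sample([(3, bytes.fromhex("0123456789abcdef"))])
    print(check_keyfile(sample, 3))   # KDC and KeyFile agree on kvno
    print(check_keyfile(sample, 4))   # KDC was rekeyed, KeyFile was not
```

An empty list only means the KeyFile holds an entry for the KDC's current kvno; a kvno that matches with different key bytes still fails, which the keytab-based kinit exposes.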