[OpenAFS] Re: SuSe 9.0 &Heimdal.6

ted creedon tcreedon@easystreet.com
Mon, 29 Dec 2003 13:35:57 -0800


Thanks - does /usr/afs/etc/ThisCell need to be stuffed? (could be linked =
to
/etc/openafs/server/ThisCell or /etc/openafs/ThisCell)

Ther are 2 ThisCell files in this SuSE incarnation, one for client and =
one
for server. Which should I link to?

Ted

-----Original Message-----
From: openafs-info-admin@openafs.org =
[mailto:openafs-info-admin@openafs.org]
On Behalf Of Jeffrey Hutzelman
Sent: Monday, December 29, 2003 10:55 AM
To: openafs-info@openafs.org
Subject: RE: [OpenAFS] Re: SuSe 9.0 &Heimdal.6



On Wednesday, December 24, 2003 00:57:10 -0500 Derrick J Brashear=20
<shadow@dementia.org> wrote:

> On Tue, 23 Dec 2003, ted creedon wrote:
>
>> How does one verify the consistency of the AFS tokens/tickets vs =
KRB5?
>> Can one delete keys from the keyfiles and start anew?
>>
>
> The pts info is still entirely out of scope for what you're asking.
> You can delete the keyfiles and start over. The key and the kvno must
> match in the KeyFile and the KDC database. You should have no des3 =
key.
>
> It should be possible to write a tool to take a KeyFile and get a krb5
> ticket with the key. Maybe someday I'll get some free time.

(assuming Heimdal...)

kinit --use-keytab --keytab=3DAFS:/usr/afs/etc/KeyFile =
afs/cell.name@REALM

Due to limitations in the 'AFS' keytab backend, this works only if your =
AFS=20
cell is keyed as afs/cell.name@REALM rather than afs@REALM, as is common =
in=20
cells that have been around for a while.  Also, it is necessary for=20
/usr/afs/etc/ThisCell to exist, even if you did not compile OpenAFS with =

--enable-transarc-paths.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info