[OpenAFS] Automatically adding / deleting principals

[Love]

Andreas Haupt <ahaupt@ifh.de> writes:

> We want to migrate to Heimdal Kerberos5 in the next time. But until then
> the main database is the kas database.
>
> BTW: How can I tell kadmin to store the principal keys in AFS format
> (since AFS uses a different String2Key method as standard heimdal does
> AFAIR)? I did not find anything about it in the man page.

If you add

[kadmin]default_keys = afs3-salt

to krb5.conf you'll get afs string2key()ed keys.

Note that most modern klog's will handle both string2keys. The windows
openafs client does kerberos 4 (not ka), so there you want v4 keys too.

There are some text describing it in krb5.conf man page.

Love