[OpenAFS] Migration from kaserver to krb5.

Christopher Allen Wing wingc@engin.umich.edu
Tue, 11 Apr 2006 19:22:06 -0400 (EDT)


On Wed, 12 Apr 2006, O Plameras wrote:

>> Do you have any actual users in your AFS cell yet?  Or did you just set it 
>> up with kaserver for testing purposes?
>> 
> I have only a half-dozen users.  Yes, I created new principals in the k5 DB and 
> reset the afs key.

Ok.  For such a small number of users, don't bother with afs2k5db.  It is 
not necessary.  (you just have to manually reset each user's password, 
that's all)

>> Did you create a new 'afs' principal in the K5 database?
>
> Yes, I did. This is how I did it.
>
> #kadmin.local  -e des-cbc-crc:v4  <<EOF
> addprinc -randkey afs/example.com.ex
> ktadd -k KeyFile afs/example.com.ex

I assume 'KeyFile' here is just a temp file, not the actual AFS keyfile, 
right?

> quit
> EOF
>
> #set `klist -k KeyFile | tail -1`
> #asetkey add $1 KeyFile afs/example.com.ex

Does regular file access work in AFS?  (can you create files, get tokens 
and read things, etc.)

> The problem is after this I can't
>
> #vos listvol toshiba.example.com.ex

Something else is wrong.


Did you update the AFS KeyFile on all of your servers and restart all the 
server processes?

> In the AFS_K5_NAME_CHANGE it says to the effect that
> I have to run afs2k5db

No, that should not be necessary in your case.

> OK, I got this. I am able to create principals in K5 to aklog successfully. 
> The problem after this is I can't do AFS maintenance commands like
> #vos listvol <server>, etc.

I don't believe 'vos listvol' requires any special privileges.

Again, can you even access files after aklog?

> I have about 500Gbytes and for this reason I can't reset my DB.

You don't need to change anything in ptserver after switching to krb5.



Don't try afs2k5db for now; something else must be broken.


-Chris Wing
wingc@engin.umich.edu