[OpenAFS] /usr/afs/etc/KeyFile from krb4?
Christopher D. Clausen
cclausen@acm.org
Thu, 11 May 2006 11:57:37 -0500
Gabe ListAccount <gabelists@yahoo.com> wrote:
> Hello,
> I have a server that was hacked, and thus a new OS (CentOS4) was
> installed. I setup OpenAFS 1.4 , openafs-krb5-1.4.1 was installed. I
> dropped the old db files as well as the KeyFile into their respective
> directories. I don't think this was appropriate. How do I convert the
> old KeyFile and db (from OpenAFS 1.2.10) to be compatble with krb5?
Uhh, well, if your server was hacked you likely do not want to the use
the old KeyFile and instead generate a new one. You would need to add
the updated key to all AFS servers in your cell and you should remove
the old key as quickly as possible.
In thet past people have used something called the Kerberos 5 Migration
Kit to go from AFS kaserver to Kerberos 5. I'm not sure if that is
still the recomended thing to do or not though. I thought that at least
MIT Kerberos 5 could read the older Kerberos db file from kaserver.
<<CDC
--
Christopher D. Clausen
ACM@UIUC SysAdmin