[OpenAFS] /usr/afs/etc/KeyFile from krb4?

Christopher D. Clausen cclausen@acm.org
Thu, 11 May 2006 11:57:37 -0500

Gabe ListAccount <gabelists@yahoo.com> wrote:
> Hello,
>    I have a server that was hacked, and thus a new OS (CentOS4) was
> installed. I setup OpenAFS 1.4 , openafs-krb5-1.4.1 was installed. I
> dropped the old db files as well as the KeyFile into their respective
> directories. I don't think this was appropriate. How do I convert the
> old KeyFile and db (from OpenAFS 1.2.10) to be compatble with krb5?

Uhh, well, if your server was hacked you likely do not want to the use 
the old KeyFile and instead generate a new one.  You would need to add 
the updated key to all AFS servers in your cell and you should remove 
the old key as quickly as possible.

In thet past people have used something called the Kerberos 5 Migration 
Kit to go from AFS kaserver to Kerberos 5.  I'm not sure if that is 
still the recomended thing to do or not though.  I thought that at least 
MIT Kerberos 5 could read the older Kerberos db file from kaserver.

Christopher D. Clausen