[OpenAFS] aklog vs referrals

John Tang Boyland boyland@cs.uwm.edu
Thu, 20 Dec 2007 08:50:32 -0600

Jeffrey Altman wrote:
] Simon Wilkinson wrote:
] > So, in the
] > interests of fixing this quickly, we're just going to add the
] > afs/inf.ed.ac.uk principal, and get on with our lives.
] > 
] > It's unclear to me what the 'correct' solution to actually fix aklog is.
] It is my opinion that the "afs@CELL" principal name is supported for
] backwards compatibility with prior practices and that "afs/cell@REALM"
] is the current best practice.

Can someone describe the steps necessary to effect this change?  We
migrated our cell to Kerberos V two years ago but still use the
afs@REALM shorthand.  I would expect that the change involves some
add_principal and ktadd commands and maybe asetkey and copying
super-secret files around, but I'm afraid if I tried to do it myself,
I would get a kvno problem and the fileservers would stop working
and/or it would be impossible to get AFS tokens.  If it helps,
there's nothing wrong with leaving the old afs@REALM principal alive
and working.