[OpenAFS] Re: [OpenAFS-devel] SOS: AFS installation/Configuration
ted creedon
tcreedon@easystreet.com
Wed, 31 Jan 2007 06:59:56 -0900
Script for KRB5 cold install (SuSE Linux):
########### clear out all key files
rm /usr/afs/etc/KeyFile
rm /etc/krb5.keytab
cd /var/lib/kerberos/krb5kdc
rm .k5.HOME.TED-DORIS.FAM principal* kadm5.keytab
#note kadm5.keytab is created on first startup of server
#create database and stash
kdb5_util create -r HOME.TED-DORIS.FAM -s
### creates files:.k5.HOME.TED-DORIS.FAM principal.*
############ add kadmin principals
############ add host server (need IP address for some reason on dual homed nome.home.ted-doris.fam)
kadmin.local -q "ank -randkey -k /etc/krb5.keytab host/10.1.1.193"
kadmin.local -q "ank -randkey kadmin/10.1.1.193@HOME.TED-DORIS.FAM"
# (ktadd output fragment) WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.
########### add kadmin principals to kadmin keytab
kadmin.local -q "ktadd -k /var/lib/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw"
########### check that kadm5.keytab was created
ktutil
ktutil: ?
ktutil: rkt kadm5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 kadmin/admin@HOME.TED-DORIS.FAM
   2    3 kadmin/admin@HOME.TED-DORIS.FAM
   3    3 kadmin/admin@HOME.TED-DORIS.FAM
   4    3 kadmin/admin@HOME.TED-DORIS.FAM
   5    3 kadmin/changepw@HOME.TED-DORIS.FAM
   6    3 kadmin/changepw@HOME.TED-DORIS.FAM
   7    3 kadmin/changepw@HOME.TED-DORIS.FAM
   8    3 kadmin/changepw@HOME.TED-DORIS.FAM
############ add admin principals
kadmin.local -q "addprinc admin"
kadmin.local -q "addprinc admin/admin"
############ add afs server
kadmin.local -q "addprinc -randkey afs@HOME.TED-DORIS.FAM"
############ start all servers
./startkrb.sh
Starting Kerberos 5 Admin Server done
Starting Kerberos 5 KDC done
Starting Kerberos 5-to-4 Server done
############ add single DES key to /etc/krb5.keytab
kadmin.local -q "ktadd -k /etc/krb5.keytab -e des-cbc-crc:normal afs"
############ verify key version number (kvno) with ktutil
ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 afs@HOME.TED-DORIS.FAM
############ move key 3 to /usr/afs/etc/KeyFile
asetkey add 3 /etc/krb5.keytab afs
Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab
########### verify login and access to afs
kinit admin
Password for admin@HOME.TED-DORIS.FAM:****
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@HOME.TED-DORIS.FAM
Valid starting     Expires            Service principal
12/05/06 13:41:37  12/06/06 13:41:37  krbtgt/HOME.TED-DORIS.FAM@HOME.TED-DORIS.FAM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
# get afs tokens
aklog
## should now see directories below /afs such as /afs/.home.ted-doris.fam, etc.
ls /afs/
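The post's procedure depends on one thing going right: the afs key version number (kvno) in /etc/krb5.keytab must be the same one that asetkey copied into /usr/afs/etc/KeyFile, and the key must be the single-DES type the fileservers of that era expect. A mismatch is the classic reason aklog succeeds at the KDC but the fileserver still rejects the token. The script below is an added example, not part of the original mail, that cross-checks the two with plain POSIX shell and awk. The sample outputs are constructed to look like `klist -k -e /etc/krb5.keytab` and `asetkey list`; the `asetkey list` line format ("kvno    3: key is: ...") is assumed from older OpenAFS releases, and the key bytes are dummies.

```shell
#!/bin/sh
# Added example (not from the original post): check that the afs kvno in the
# KDC keytab is also present in /usr/afs/etc/KeyFile, and report the enctype.
# Sample command outputs are constructed; swap in the live commands at the end.

# Constructed sample of `klist -k -e /etc/krb5.keytab`, realm as in the post.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/10.1.1.193@HOME.TED-DORIS.FAM (DES cbc mode with CRC-32)
   3 afs@HOME.TED-DORIS.FAM (DES cbc mode with CRC-32)'

# Constructed sample of `asetkey list` (line format assumed; key is a dummy).
SAMPLE_ASETKEY='kvno    3: key is: 0123456789abcdef
All done.'

# keytab_kvnos KLIST_OUTPUT PRINCIPAL
# Print every kvno the keytab holds for PRINCIPAL (name part, before the @).
keytab_kvnos() {
    printf '%s\n' "$1" | awk -v p="$2" '$2 ~ ("^" p "@") { print $1 }'
}

# keyfile_kvnos ASETKEY_OUTPUT
# Print every kvno that asetkey reports in KeyFile ("kvno    3:" -> "3").
keyfile_kvnos() {
    printf '%s\n' "$1" | awk '$1 == "kvno" { sub(":", "", $2); print $2 }'
}

# keytab_enctype KLIST_OUTPUT PRINCIPAL
# Print the enctype text klist -e shows in parentheses for PRINCIPAL.
keytab_enctype() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 ~ ("^" p "@") { sub(/^[^(]*\(/, ""); sub(/\)$/, ""); print; exit }'
}

# kvno_in_sync KLIST_OUTPUT ASETKEY_OUTPUT
# Succeed only if the keytab has an afs key and each of its kvnos is in KeyFile.
kvno_in_sync() {
    kt=$(keytab_kvnos "$1" afs)
    kf=$(keyfile_kvnos "$2" | tr '\n' ' ')
    [ -n "$kt" ] || return 1
    for v in $kt; do
        case " $kf " in
            *" $v "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# afs_key_is_single_des KLIST_OUTPUT
# Succeed if the afs key is a DES key, as `ktadd -e des-cbc-crc:normal` makes.
afs_key_is_single_des() {
    case "$(keytab_enctype "$1" afs)" in
        *"DES cbc mode"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on the constructed samples.
if kvno_in_sync "$SAMPLE_KLIST" "$SAMPLE_ASETKEY"; then
    echo "afs kvno in keytab and KeyFile agree: $(keytab_kvnos "$SAMPLE_KLIST" afs)"
else
    echo "afs kvno mismatch between /etc/krb5.keytab and KeyFile" >&2
fi
if afs_key_is_single_des "$SAMPLE_KLIST"; then
    echo "note: afs key enctype is '$(keytab_enctype "$SAMPLE_KLIST" afs)' (single DES)"
fi

# Against a live server, feed the real command output instead of the samples:
#   kvno_in_sync "$(klist -k -e /etc/krb5.keytab)" "$(asetkey list)"
```

Run it after the `asetkey add` step; if it reports a mismatch, re-run `ktadd` and `asetkey add` with the kvno that `klist -k -e` actually shows, since every `ktadd` bumps the kvno and silently leaves KeyFile one version behind. The single-DES notice is informational here because the post's setup requires des-cbc-crc, but it is the line to watch when moving to a fileserver build that accepts stronger enctypes.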