[OpenAFS] Server encryption keys

Russ Allbery rra@stanford.edu
Fri, 16 Mar 2007 11:43:33 -0700


A V Le Blanc <LeBlanc@mcc.ac.uk> writes:

> On a test cell, I've been able to change the encryption key as follows:
> I change the afs password using kadmin and export it to the KeyFile.  I
> then have to kill the bos process and all server processes on all
> servers, since my old admin tokens don't work any more, nor do new ones
> when I reauthenticate.  After restarting bos, the other processes start
> cleanly, and authentication works again.

Once the KeyFile is distributed to all of your systems, the AFS server
processes should pick up the change automatically (I think there's some
short checking interval).  There were some bugs in this in earlier
versions of 1.4 on Solaris, but I'm fairly sure they were ironed out.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>