[OpenAFS] Password transition to krb5 - your methods?
Jason Edgecombe
jason@rampaginggeek.com
Thu, 25 Oct 2007 12:06:07 -0400
Jeff Blaine wrote:
> Steve Devine wrote:
>> Jeff Blaine wrote:
>>> I realize there's not a conversion process to get AFS krb4
>>> principal passwords into krb5-land.
>>>
>>> What approaches have you all taken in order to make the
>>> kaserver -> krb5 KDC transition as painless as possible
>>> to users?
>>>
>>> Thanks for any insight/tips.
>> This is not so.
>> From my notes :
>> ***********************************
>> afs2k5db /usr/afs/db/kaserver.DB0 >all.out
>> then edit the all.out file:
>> Remove line for AuthServer , krbtgt, and afs
>> Be sure and leave in first line ( kdb5_util load_dump version 4)
>> Then load em all in.
>> kdb5_util load -update all.out
>> (Leave verbose switch out it will just slow you down.)
>> ********************************
>
> I assume that's a Heimdal installation?
>
> I should have clarified in the original post: MIT Kerberos.
>
> Or is everyone using Heimdal with OpenAFS?
The UNCC.EDU cell is using MIT kerberos 5.
We disabled kaserver during the summer and we just removed the service
last week.
Jason