[OpenAFS] kerberos 5 and afs server

Brandon S. Allbery KF8NH allbery@ece.cmu.edu
Mon, 2 Jun 2008 16:14:16 -0400 

--Apple-Mail-1-54738862
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit


On 2008 May 22, at 7:31, Lara Lloret Iglesias wrote:

> I installed a kerberos server in both machines, but maybe I just  
> have to install it in one of the machines and copy somehow the  
> configuration to the other servers...I don't know what do I have to  
> do actually. Each server on the cell needs its own kerberos server?  
> If not how do I do it?


You only need one Kerberos server, as long as it's named like the cell  
(but uppercase) and there is a krb5.conf  or SRV records for it then  
AFS will find it.

That said, I make my AFS DB servers also be KDC slaves (take a look at  
kprop for MIT and hprop and iprop for Heimdal).

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH



--Apple-Mail-1-54738862
Content-Type: text/html;
	charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><br><div><div>On 2008 May 22, =
at 7:31, Lara Lloret Iglesias wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite">I =
installed a kerberos server in both machines, but maybe I just have to =
install it in one of the machines and copy somehow the configuration to =
the other servers...I don't know what do I have to do actually. Each =
server on the cell needs its own kerberos server? If not how do I do =
it?<br></blockquote></div><div><br></div><div>You only need one Kerberos =
server, as long as it's named like the cell (but uppercase) and there is =
a krb5.conf &nbsp;or SRV records for it then AFS will find =
it.</div><div><br></div><div>That said, I make my AFS DB servers also be =
KDC slaves (take a look at kprop for MIT and hprop and iprop for =
Heimdal).</div><br><div apple-content-edited=3D"true"> <span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 11px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><div =
style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; border-spacing: 0px 0px; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 11px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><div><font =
class=3D"Apple-style-span" face=3D"Monaco"><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; "><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; =
">--&nbsp;</span></span></font></div><div><font class=3D"Apple-style-span"=
 face=3D"Monaco"><span class=3D"Apple-style-span" style=3D"font-family: =
Monaco; "><span class=3D"Apple-style-span" style=3D"font-family: Monaco; =
">brandon s. allbery [solaris,freebsd,perl,pugs,haskell] <a =
href=3D"mailto:allbery@kf8nh.com">allbery@kf8nh.com</a></span></span></fon=
t></div><div><font class=3D"Apple-style-span" face=3D"Monaco"><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; "><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; ">system =
administrator [openafs,heimdal,too many hats] <a =
href=3D"mailto:allbery@ece.cmu.edu">allbery@ece.cmu.edu</a></span></span><=
/font></div><div><font class=3D"Apple-style-span" face=3D"Monaco"><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; "><span =
class=3D"Apple-style-span" style=3D"font-family: Monaco; ">electrical =
and computer engineering, carnegie mellon university &nbsp; =
&nbsp;KF8NH</span></span></font></div><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; border-spacing: 0px 0px; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 11px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><br =
class=3D"Apple-interchange-newline"></span></span></span></div></span> =
</div><br></body></html>=

--Apple-Mail-1-54738862--