[OpenAFS] Quick assist - admin principal (krb5 KDC)

Jeff Blaine jblaine@kickflop.net
Mon, 01 Jun 2009 16:44:58 -0400


We're still using kaserver for now, but I noticed the other
day that I did not know the password for our krb5 'admin'
principal, so eventually this needs to be fixed.

We use admin/admin for KDC administration, which doesn't
work for privileged AFS ops.

The current entry is as such, questions following:

Principal: admin@RCF.FOO.COM
Expiration date: Wed Dec 30 19:00:00 EST 2037
Last password change: [never]
Password expiration date: [none]
Maximum ticket life: 1 days 00:00:00
Maximum renewable life: 1 days 00:00:00
Last modified: Mon Feb 18 16:12:05 EST 2008 (admin@RCF.FOO.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 1
Key: vno 21, DES cbc mode with CRC-32, AFS version 3
Attributes:
Policy: [none]

1.  Once kaserver is turned off, does this enctype need
     to stay this way, or is this a remnant of me flailing
     while setting this up back then?

2.  No question, just feel free to comment on the on/off
     track nature of what you see.