[OpenAFS] Quick assist - admin principal (krb5 KDC)
Russ Allbery
rra@stanford.edu
Mon, 01 Jun 2009 13:52:18 -0700
Jeff Blaine <jblaine@kickflop.net> writes:
> We're still using kaserver for now, but I noticed the other day that I
> did not know the password for our krb5 'admin' principal, so
> eventually this needs to be fixed.
Or you can create a different privileged user in AFS. Either works.
AFS just cares about whether the principal is listed in
system:administrators and in UserList, so you can create a new admin
account (or one for each admin, which is what we do).
> The current entry is as such, questions following:
>
> Principal: admin@RCF.FOO.COM
> Expiration date: Wed Dec 30 19:00:00 EST 2037
> Last password change: [never]
> Password expiration date: [none]
> Maximum ticket life: 1 days 00:00:00
> Maximum renewable life: 1 days 00:00:00
> Last modified: Mon Feb 18 16:12:05 EST 2008 (admin@RCF.FOO.COM)
> Last successful authentication: [never]
> Last failed authentication: [never]
> Failed password attempts: 0
> Number of keys: 1
> Key: vno 21, DES cbc mode with CRC-32, AFS version 3
> Attributes:
> Policy: [none]
>
> 1. Once kaserver is turned off, does this enctype need
> to stay this way, or is this a remnant of me flailing
> while setting this up back then?
Nope, it can have any enctype you want. Only the afs key matters.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
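
An added example, not part of the original message and not OpenAFS's own tooling: a dry-run script for the per-admin setup described above, printing the MIT kadmin, pts and bos commands for one administrator. The principal jdoe/admin, the /admin instance convention and the server name afsdb1.rcf.foo.com are assumptions; only the realm comes from the thread.

```shell
#!/bin/sh
# Added example: plan the commands that give one admin their own AFS
# superuser identity instead of sharing the 'admin' principal.
# Hypothetical names: jdoe/admin, afsdb1.rcf.foo.com.

# Map a Kerberos 5 principal to the name AFS stores in PTS and UserList:
# drop the realm and turn the instance separator "/" into ".".
afs_name_from_principal() {
    princ=${1%@*}          # strip @REALM
    first=${princ%%/*}     # first component of the principal
    case $first in
        ''|*.*)
            # "j.doe" would be indistinguishable from "j/doe" once mapped.
            echo "refusing '$1': empty or dotted first component" >&2
            return 1 ;;
    esac
    case $princ in
        */*/*)
            echo "refusing '$1': more than one instance" >&2
            return 1 ;;
    esac
    printf '%s\n' "$princ" | tr '/' '.'
}

# Print (not run) the commands for one admin.
# $1 = krb5 principal, $2 = AFS server; repeat the bos steps per server.
afs_admin_plan() {
    name=$(afs_name_from_principal "$1") || return 1
    # Create the Kerberos principal (kadmin prompts for its password).
    printf 'kadmin -q "addprinc %s"\n' "$1"
    # Create the matching PTS entry and make it an AFS administrator.
    printf 'pts createuser -name %s\n' "$name"
    printf 'pts adduser -user %s -group system:administrators\n' "$name"
    # Add it to the server's UserList for bos/vos operations.
    printf 'bos adduser -server %s -user %s\n' "$2" "$name"
    # Review who now holds privilege in both places.
    printf 'pts membership system:administrators\n'
    printf 'bos listusers -server %s\n' "$2"
}

afs_admin_plan 'jdoe/admin@RCF.FOO.COM' afsdb1.rcf.foo.com
```

The two listing commands at the end of the plan are the review step: any entry in system:administrators or UserList that nobody can account for, including a shared admin whose password is unknown, is a candidate for removal once the per-admin accounts work.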