[OpenAFS] Help rekeying cell when both service principals (afs@REALM and afs/cell@REALM) exist
Kim Kimball
dhk@ccreinc.com
Mon, 11 Nov 2013 08:42:18 -0700

Hi all,

I've got clients going back as far as Transarc 3.6 -- don't ask ....
there are clients that cannot be changed/rebooted/updated due to
"extreme sensitivity to change."

Right now both forms of the AFS service principal exist: "afs@REALM" and
"afs@cellname@REALM"

Realm and cell name are identical.

I had assumed that leaving the existing /usr/afs/etc/KeyFile alone and
_not_ updating afs@REALM (with new encryption type for rekey effort) was
the correct approach.

Is this in fact correct?

Given that there are both principals is there something else I've missed
relevant to the rekey process?

I had also assumed that, given the ancient versions of some of my
clients, I must leave the afs@REALM principal in place.

Is that correct?

Obviously I've had some surprises trying to get the rekeying accomplished.

Any pointers greatly appreciated.

Kim Kimball