[OpenAFS] Help rekeying cell when both service principals (afs@REALM and afs/cell@REALM)
Mon, 11 Nov 2013 08:42:18 -0700
I've got clients going back as far as Transarc 3.6 -- don't ask ....
there are clients that cannot be changed/rebooted/updated due to
"extreme sensitivity to change."
Right now both forms of the AFS service principal exist: "afs@REALM" and
Realm and cell name are identical.
I had assumed that leaving the existing /usr/afs/etc/KeyFile alone and
_not_ updating afs@REALM (with new encryption type for rekey effort) was
the correct approach.
Is this in fact correct?
Given that there are both principals is there something else I've missed
relevant to the rekey process?
I had also assumed that, given the ancient versions of some of my
clients, I must leave the afs@REALM principal in place.
Is that correct?
Obviously I've had some surprises trying to get the rekeying accomplished.
Any pointers greatly appreciated.