[OpenAFS] Creating service principal and keytab from active directory for afs/cell

Owen Le Blanc LeBlanc@mcc.ac.uk
Thu, 26 Sep 2013 09:54:56 +0100


--001a113368762aacff04e74586b8
Content-Type: text/plain; charset=ISO-8859-1

I found a page of instructions at
wiki.openafs.org/WindowsK5AfsServicePrincipal
which is to create a keytab for the user afs/cell@REALM.  It seems to me
that on
current AFS cells, i.e., updated after the recent security patch, there are
a number of
changes that need to be made to this page (which is 6 years old).

Can the user now be afs/cell/cellname@REALM?
Do you still need to use DES encryption types?
Shouldn't the crypto be not DES but arcfour-hmac-md5?

What other changes should or could be made to this page?

     -- Owen Le Blanc

--001a113368762aacff04e74586b8
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>I found a page of instructions at <a href=3D"http://w=
iki.openafs.org/WindowsK5AfsServicePrincipal">wiki.openafs.org/WindowsK5Afs=
ServicePrincipal</a></div><div>which is to create a keytab for the user afs=
/cell@REALM. =A0It seems to me that on</div>
<div>current AFS cells, i.e., updated after the recent security patch, ther=
e are a number of</div><div>changes that need to be made to this page (whic=
h is 6 years old).</div><div><br></div><div>Can the user now be afs/cell/ce=
llname@REALM?</div>
<div>Do you still need to use DES encryption types?</div><div>Shouldn&#39;t=
 the crypto be not DES but arcfour-hmac-md5?</div><div><br></div><div>What =
other changes should or could be made to this page?</div><div><br></div>
<div>=A0 =A0 =A0-- Owen Le Blanc</div></div>

--001a113368762aacff04e74586b8--