[OpenAFS] Creating service principal and keytab from active directory for afs/cell
Owen Le Blanc
LeBlanc@man.ac.uk
Wed, 25 Sep 2013 15:58:37 +0100
--001a1133e330f0340a04e7367c7d
Content-Type: text/plain; charset=ISO-8859-1
I found a page of instructions at
wiki.openafs.org/WindowsK5AfsServicePrincipal
which is to create a keytab for the user afs/cell@REALM. It seems to me
that on
current AFS cells, i.e., updated after the recent security patch, there are
a number of
changes that need to be made to this page (which is 6 years old).
Can the user now be afs/cell/cellname@REALM?
Do you still need to use DES encryption types?
Shouldn't the crypto be not DES but arcfour-hmac-md5?
What other changes should or could be made to this page?
-- Owen Le Blanc
--001a1133e330f0340a04e7367c7d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">I found a page of instructions at=A0<a href=3D"http://wiki=
.openafs.org/WindowsK5AfsServicePrincipal">wiki.openafs.org/WindowsK5AfsSer=
vicePrincipal</a><div>which is to create a keytab for the user afs/cell@REA=
LM. =A0It seems to me that on</div>
<div>current AFS cells, i.e., updated after the recent security patch, ther=
e are a number of</div><div>changes that need to be made to this page (whic=
h is 6 years old).</div><div><br></div><div>Can the user now be afs/cell/ce=
llname@REALM?</div>
<div>Do you still need to use DES encryption types?</div><div>Shouldn't=
the crypto be not DES but arcfour-hmac-md5?</div><div><br></div><div>What =
other changes should or could be made to this page?</div><div><br></div>
<div>=A0 =A0 =A0-- Owen Le Blanc</div></div>
--001a1133e330f0340a04e7367c7d--