[OpenAFS] asetkey question
Benjamin Kaduk
kaduk@MIT.EDU
Wed, 2 Jul 2014 15:15:37 -0400 (EDT)
On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
> Hello,
>
> Is it possible to change my cell key on all my AFS servers? I made a mistake.
> I changed the key value with ktadd without -norandkey.
>
> Now, I have a problem with my AFS filesystem:
>
> root@afs1:~# LANG=C ls /afs/xxxx/users/bjaille2/
> ls: cannot open directory /afs/xxxx/users/bjaille2/: Permission denied
That is the expected behavior given what you have done, yes. Clients that
obtain fresh tokens will not be able to authenticate to the AFS servers.
You need to take the keytab you obtained from the above "ktadd without
-norandkey" and use asetkey to add that key to the appropriate KeyFile (if
it's a 1DES key), or ktutil to add it to the rxkad.keytab (otherwise).
-Ben
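
The choice described in the reply above (KeyFile via asetkey for a 1DES key, rxkad.keytab via ktutil otherwise) can be made per keytab entry from its enctype. The following is an added example, not part of the original message or of OpenAFS: the function name `classify_keys` and the sample listing are hypothetical, and it assumes input in the layout printed by MIT `klist -k -e` with short enctype names.

```shell
#!/bin/sh
# Added example: decide, per keytab entry, which AFS key store the key belongs
# in, following the rule in the message (1DES -> KeyFile, else rxkad.keytab).
# Real use (assumption): klist -k -e /path/to/new.keytab | classify_keys

# Constructed sample listing; principal, realm and kvno values are made up.
SAMPLE_LISTING='Keytab name: FILE:/tmp/afs.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   6 afs/example.org@EXAMPLE.ORG (des-cbc-crc)
   6 afs/example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
'

# Reads a keytab listing on stdin and prints one line per key entry:
#   <kvno> <principal> <enctype> <target key store>
classify_keys() {
    awk '
        # Key lines start with a numeric kvno and end with "(enctype)";
        # the header and separator lines do not match and are skipped.
        $1 ~ /^[0-9]+$/ && $NF ~ /^\(.*\)$/ {
            enc = $NF
            gsub(/[()]/, "", enc)
            sub(/^DEPRECATED:/, "", enc)  # newer klist marks weak enctypes
            # Single-DES enctypes go to the KeyFile, everything else to
            # rxkad.keytab.
            if (enc ~ /^des-cbc-(crc|md4|md5)$/)
                target = "KeyFile"
            else
                target = "rxkad.keytab"
            print $1, $2, enc, target
        }'
}

printf '%s' "$SAMPLE_LISTING" | classify_keys
```

The kvno in the first column is the one the servers need to hold for tokens issued after the rekey to be accepted.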