[OpenAFS] asetkey question
Jean-Marc Choulet
jm130794@gmail.com
Wed, 02 Jul 2014 22:08:30 +0200
On 02/07/2014 21:15, Benjamin Kaduk wrote:
> On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
>
>> Hello,
>>
>> Is it possible to change my cell key on all my AFS servers? I made a
>> mistake. I changed the key value with ktadd without -norandkey.
>>
>> Now I have a problem with my AFS filesystem:
>>
>> root@afs1:~# LANG=C ls /afs/xxxx/users/bjaille2/
>> ls: cannot open directory /afs/xxxx/users/bjaille2/: Permission denied
>
> That is the expected behavior given what you have done, yes. Clients
> that obtain fresh tokens will not be able to authenticate to the AFS
> servers.
>
> You need to take the keytab you obtained from the above "ktadd without
> -norandkey" and use asetkey to add that key to the appropriate KeyFile
> (if it's a 1DES key), or ktutil to add it to the rxkad.keytab
> (otherwise).
>
> -Ben
Thanks Ben, all works fine :)
We use OpenAFS 1.6.1 on our servers (Debian Wheezy). I think it is not
possible to use the rxkad-k5 and rxkad-kdf extensions?
Jean-Marc
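
The decision in the quoted advice (1DES key goes to the KeyFile via asetkey, anything else goes to rxkad.keytab via ktutil) can be checked from the keytab listing before touching the servers. This is an added example, not part of the original thread: the function names, the sample listing, the principal and the realm are constructed, and it assumes `klist -k -e` prints the enctype name in parentheses at the end of each entry line.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `klist -k -e <keytab>` output on
# stdin and prints, for each AFS service key, where that key has to be installed.
# Assumption: each entry line ends with the enctype name in parentheses, as
# MIT Kerberos klist prints it; newer releases prefix deprecated enctypes
# with "DEPRECATED:".
classify_afs_keys() {
    awk '
    # Entry lines look like: "   4 afs/cell@REALM (des-cbc-crc)"
    $1 ~ /^[0-9]+$/ && $2 ~ "^afs[/@]" {
        kvno = $1; princ = $2
        etype = $NF
        gsub(/[()]/, "", etype)
        sub(/^DEPRECATED:/, "", etype)
        if (etype ~ /^des-cbc-/)
            target = "KeyFile"        # 1DES: asetkey add <kvno> <keytab> <principal>
        else
            target = "rxkad.keytab"   # otherwise: copy the entry with ktutil (rkt, wkt)
        printf "%s %s %s %s\n", kvno, princ, etype, target
    }'
}

# Constructed sample listing; on a real server pipe `klist -k -e <keytab>` instead.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/tmp/afs.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   4 afs/example.org@EXAMPLE.ORG (des-cbc-crc)
   5 afs/example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
   5 afs/example.org@EXAMPLE.ORG (DEPRECATED:arcfour-hmac)
   3 host/afs1.example.org@EXAMPLE.ORG (aes256-cts-hmac-sha1-96)
EOF
}

sample_listing | classify_afs_keys
```

The kvno in the first column is the one to pass to asetkey; it has to match the kvno the KDC now issues for the afs principal, which is the value ktadd bumped when it randomized the key.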