[OpenAFS] asetkey question

Jean-Marc Choulet jm130794@gmail.com
Wed, 02 Jul 2014 22:08:30 +0200


Le 02/07/2014 21:15, Benjamin Kaduk a écrit :
> On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
>
>> Hello,
>>
>> Is it possible to change my cell key on all my afs servers. I made a 
>> mistake. I changed the key value with ktadd without -norandkey
>>
>> Now, I have problem with my AFS filesystem :
>>
>> root@afs1:~# LANG=C ls /afs/xxxx/users/bjaille2/
>> ls: cannot open directory /afs/xxxx/users/bjaille2/: Permission denied
>
> That is the expected behavior given what you have done, yes. Clients 
> that obtain fresh tokens will not be able to authenticate to the AFS 
> servers.
>
> You need to take the keytab you obtained from the above "ktadd without 
> -norandkey" and use asetkey to add that key to the appropriate KeyFile 
> (if it's a 1DES key), or ktutil to add it to the rxkad.keytab 
> (otherwise).
>
> -Ben

Thank Ben, all works fine :)

We use OpenAFS 1.6.1 on our servers (Debian Wheezy). I think it is not 
possible to use rxkad-k5 and rxkad-kdf extensions ?

Jean-Marc