[OpenAFS] New installation, linux server, AD kerberos

Benjamin Kaduk kaduk@mit.edu
Tue, 20 Jun 2017 22:21:45 -0500


On Tue, Jun 20, 2017 at 09:41:04PM +0000, John D'Ausilio wrote:
> Thanks for the clues, moved me a bit further along. After reading the unix quickstart again, I noticed the note re: asetkey and 1.8 .. but I can't find anywhere where it says anything about copying the keytab intact.
> Once I get it working I'll post a (hopefully complete) procedure for the next guy ..

Thanks for doing that.

Just to double check, where are you getting your QuickStartUnix
guide from?  (I think the copy on the website is not rebuild
automatically, and only the XML source in the git master branch gets
updated very often.)

But, e.g., http://doc.openafs.org/QuickStartUnix/HDRWQ50.html notes:

  The OpenAFS 1.8.x series stores the cell-wide shared keys in the
  file /usr/afs/etc/KeyFileExt, whereas the 1.6.x series uses a krb5
  keytab format file in /usr/afs/etc/rxkad.keytab. These instructions
  create both files, but populating the KeyFileExt file will only
  succeed using the version of asetkey from OpenAFS 1.8.x.

-Ben