[OpenAFS] New installation, linux server, AD kerberos
Benjamin Kaduk
kaduk@mit.edu
Tue, 20 Jun 2017 22:21:45 -0500
On Tue, Jun 20, 2017 at 09:41:04PM +0000, John D'Ausilio wrote:
> Thanks for the clues, moved me a bit further along. After reading the unix quickstart again, I noticed the note re: asetkey and 1.8 .. but I can't find anywhere where it says anything about copying the keytab intact.
> Once I get it working I'll post a (hopefully complete) procedure for the next guy ..
Thanks for doing that.
Just to double check, where are you getting your QuickStartUnix
guide from? (I think the copy on the website is not rebuild
automatically, and only the XML source in the git master branch gets
updated very often.)
But, e.g., http://doc.openafs.org/QuickStartUnix/HDRWQ50.html notes:
The OpenAFS 1.8.x series stores the cell-wide shared keys in the
file /usr/afs/etc/KeyFileExt, whereas the 1.6.x series uses a krb5
keytab format file in /usr/afs/etc/rxkad.keytab. These instructions
create both files, but populating the KeyFileExt file will only
succeed using the version of asetkey from OpenAFS 1.8.x.
-Ben