> Heimdal's "kt_extract" (kadmin command) extracts a key without > generating a new one. (This is generally considered a bad thing; I > could see it being limited to kadmin's "local mode" in the future.) > Other mechanisms will indeed create a new key.
This last sentence is exactly what I wanted to be certain about. Thanks! > With heimdal you could use ktutil to copy the newly extracted keytab > into the KeyFile: > > ktutil copy FILE:mykt AFSKEYFILE:KeyFile So the same procedure as that which was used initially to create the AFS keyfile still works. This is good to know, too. > This would still leave all outstanding tokens broken, but "aklog" > should recover once the KeyFile is back in sync with the KDC. Well, since this would only be required in case the keytab was out of sync with AFS KeyFile, I doubt this is something to worry about. Or did I miss something here? -- ----------------------------------------------- | Juha Jäykkä, [EMAIL PROTECTED] | | Laboratory of Theoretical Physics | | Department of Physics, University of Turku | | home: http://www.utu.fi/~juolja/ | -----------------------------------------------
pgprS3kHBk7PQ.pgp
Description: PGP signature