> Heimdal's "kt_extract" (kadmin command) extracts a key without > generating a new one. (This is generally considered a bad thing; I > could see it being limited to kadmin's "local mode" in the future.) > Other mechanisms will indeed create a new key.
This last sentence is exactly what I wanted to be certain about. Thanks!
> With heimdal you could use ktutil to copy the newly extracted keytab
> into the KeyFile:
>
> ktutil copy FILE:mykt AFSKEYFILE:KeyFile
So the same procedure as that which was used initially to create the AFS
keyfile still works. This is good to know, too.
> This would still leave all outstanding tokens broken, but "aklog"
> should recover once the KeyFile is back in sync with the KDC.
Well, since this would only be required in case the keytab was out of sync
with AFS KeyFile, I doubt this is something to worry about. Or did I miss
something here?
--
-----------------------------------------------
| Juha Jäykkä, [EMAIL PROTECTED] |
| Laboratory of Theoretical Physics |
| Department of Physics, University of Turku |
| home: http://www.utu.fi/~juolja/ |
-----------------------------------------------
pgprS3kHBk7PQ.pgp
Description: PGP signature
