"Christopher D. Clausen" <[EMAIL PROTECTED]> replied:
> Joe Buehler <[EMAIL PROTECTED]> wrote:
> > Converting to Kerberos V has been a bit frustrating -- you can't just
> > follow a recipe, you have to use Google and learn quite a bit about
> > K5 and AFS to work through it all. I'm still learning.
>
> Well, once you have things working, please write up a recipe for others
> to follow.
>
> <<CDC

My recipe for starting a new cell is here:

    /afs/umich.edu/user/m/d/mdw/wp/uniq.2k

Of course there are bits that are afs version & os environment
dependent, or even configuration dependent.

For converting to kerberos V, kenh's notes are still the ones you want.

For key/salt, it doesn't matter what you specify on the ank line.
I use

    ank -randkey afs

not because I value the random key, but simply because it won't
prompt for a password. I then use:

    ktadd -e des-cbc-crc:v4 -k /tmp/afs.kt afs

Here the encryption type does matter. Somebody commented that
the salt type is ignored. That is almost correct; it checks the
spelling and *then* ignores the type. "v4" is short -- afs3 or normal
would work identically. Doing the ktadd effectively does another
"-randkey"; each time you rerun ktadd, it will change the key & bump
the kvno.

Probably the afs documentation should be clearer about this; this seems
to be a common point of confusion.

There is certainly room to improve the afs end of things. Future
versions of openafs should be better about building k5 versions of
aklog/asetkey/klog. Also future versions of pt should allow the use
of "pts -localauth" to add the first principal to the pt database,
which will obviate the need to use either "-noauth" or "pt_util -w"
to do this.

-Marcus
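
Added example, not part of the original message: a shell check for the kvno drift described above, where rerunning ktadd leaves an earlier keytab one key version behind the KDC. The realm EXAMPLE.ORG, the function names and both sample outputs are constructed; their layout is assumed to follow MIT `klist -k -e` and kadmin `getprinc`.

```shell
#!/bin/sh
# Constructed sample: keytab listing taken after the first ktadd.
KLIST_SAMPLE='Keytab name: FILE:/tmp/afs.kt
KVNO Principal
---- --------------------------------------------------------------------------
   2 afs@EXAMPLE.ORG (des-cbc-crc)'

# Constructed sample: getprinc output after ktadd was run a second time.
GETPRINC_SAMPLE='Principal: afs@EXAMPLE.ORG
Number of keys: 1
Key: vno 3, des-cbc-crc:v4'

# Print the highest kvno held for principal $1 in klist text on stdin.
# Exits non-zero when the principal is not in the keytab at all.
keytab_kvno() {
    awk -v p="$1" '
        $1 ~ /^[0-9]+$/ && $2 == p {
            if (!found || $1 + 0 > max) max = $1 + 0
            found = 1
        }
        END { if (!found) exit 1; print max }'
}

# Print the highest kvno the KDC holds, from getprinc text on stdin.
kdc_kvno() {
    sed -n 's/^Key: vno \([0-9][0-9]*\),.*/\1/p' | sort -n | tail -n 1
}

# $1 = principal, $2 = klist text, $3 = getprinc text.
# Returns 0 when in sync, 1 when the keytab is stale, 2 on missing data.
kvno_in_sync() {
    kt=$(printf '%s\n' "$2" | keytab_kvno "$1") || return 2
    kdc=$(printf '%s\n' "$3" | kdc_kvno)
    [ -n "$kdc" ] || return 2
    if [ "$kt" -eq "$kdc" ]; then
        echo "ok: keytab and KDC both at kvno $kt"
    else
        echo "stale: keytab kvno $kt, KDC kvno $kdc (was ktadd rerun?)"
        return 1
    fi
}

# Demo on the constructed samples; reports the stale keytab.
kvno_in_sync afs@EXAMPLE.ORG "$KLIST_SAMPLE" "$GETPRINC_SAMPLE" || true
```

Against a live realm, feed the functions the real output of the two commands instead of the sample strings, and run the check before the key is installed on the file servers.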