Re: [OpenAFS] Re: AFS + CrossRealm + FreeIPA + Migration

2014-11-10 Thread Andreas Ladanyi
Hi, > On Fri, 07 Nov 2014 16:05:11 +0100 > Andreas Ladanyi wrote: > >> sorry i didnt told that. In FreeIPA you must enable the DES salttype. I >> enabled the des-cbc-crc:normal and des-cbc-crc:v4. > I'm not too familiar with FreeIPA, but usually you need to enable "weak > enctypes" separately from

Re: [OpenAFS] OpenAFS 1.6.5/1.6.10 - server segfaults during migration to rxkad-k5

2014-11-10 Thread Volkmar Glauche
Zitat von Benjamin Kaduk : On Fri, 7 Nov 2014, Volkmar Glauche wrote: mit-krb5# ktutil ktutil: rkt /etc/openafs/server/rxkad.keytab ktutil: l slot KVNO Principal - 10 afs/cell@REALM 20 afs/cell@REALM

[OpenAFS] Re: AFS + CrossRealm + FreeIPA + Migration

2014-11-10 Thread Andrew Deason
On Mon, 10 Nov 2014 10:09:54 +0100 Andreas Ladanyi wrote: > Now aklog works and i can get a AFS token. Why are all this keys > important for aklog ? Or which key exeptly the DES key is important ? That is indeed a bit puzzling; it's possible ipa-getkeytab does something else that makes this work

[OpenAFS] backup strategy

2014-11-10 Thread Russell Button
I'm the new guy on the sysadmin team at the company. Of course I get annointed to be King of Backups. Nobody else wanted to do it and I'm a sucker for always being willing to do the dirty and un-fun work. I've never worked with AFS before, let alone configured a backup strategy for it. So this

[OpenAFS] Re: OpenAFS 1.6.5/1.6.10 - server segfaults during migration to rxkad-k5

2014-11-10 Thread Andrew Deason
On Mon, 10 Nov 2014 14:24:49 +0100 Volkmar Glauche wrote: > I've never used kaserver/kerberos4, but maybe I followed installation > guidelines that still had kaserver in mind and proposed kvno=0. Would > bumping the kvno affect existing tokens/Keyfiles that are still > relying on kvno=0? If so,

[OpenAFS] Re: backup strategy

2014-11-10 Thread Andrew Deason
On Mon, 10 Nov 2014 11:53:33 -0800 Russell Button wrote: > I get the impression that AFS is this amorphous cloud of data storage. > So when you backup stuff, it's not as if it's organized by machine and > file system. It's not really much different for AFS than most other things. Your files are

Re: [OpenAFS] Re: OpenAFS 1.6.5/1.6.10 - server segfaults during migration to rxkad-k5

2014-11-10 Thread Benjamin Kaduk
On Mon, 10 Nov 2014, Andrew Deason wrote: > On Mon, 10 Nov 2014 14:24:49 +0100 > Volkmar Glauche wrote: > > > I've never used kaserver/kerberos4, but maybe I followed installation > > guidelines that still had kaserver in mind and proposed kvno=0. Would > > bumping the kvno affect existing token

[OpenAFS] Re: OpenAFS 1.6.5/1.6.10 - server segfaults during migration to rxkad-k5

2014-11-10 Thread Andrew Deason
On Mon, 10 Nov 2014 22:23:51 -0500 (EST) Benjamin Kaduk wrote: > On Mon, 10 Nov 2014, Andrew Deason wrote: > > > On Mon, 10 Nov 2014 14:24:49 +0100 > > Volkmar Glauche wrote: > > > > > I've never used kaserver/kerberos4, but maybe I followed installation > > > guidelines that still had kaserver