[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems getting an AFS keyfile
On Mon, Nov 20, 2000 at 11:58:23AM +0100, Torbjörn Moa wrote:
[snip]
> What is the best way to get an AFS+heimdal installation working, given
> that neither has been installed before so there are no databases to
> convert etc?
To get the keys set up, I'd suggest using bos addkey and string2key, which
will look something like this:
$ bos addkey afsserver -kvno 2 -cell physto.se
Input key: <afs passwd>
Retype input key: <afs passwd>
$ string2key -a
AFS cell: physto.se
Password: <afs passwd>
AFS key: 5e8cd0dc8394ecad
$ kadmin ank --key=5e8cd0dc8394ecad afs
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
Please note that -kvno is 2. I'm not entirely sure why, but it works for me.
If it doesn't work for you, check the kvno in heimdal.
> [libdefaults]
> default_realm = PHYSTO.SE
> [realms]
> PHYSTO.SE = {
> kdc = kdc.physto.se
> admin_server = kerberos.physto.se
> }
> [domain_realm]
> .physto.se = PHYSTO.SE
> [kdc]
> enable-kerberos4 = yes
> v4-realm = PHYSTO.SE
> enable-kaserver = yes
I'd also add
[kadmin]
default_keys = des:pw-salt: afs3-salt:physto.se
to help with AFS-salting the keys.
HTH,
Kalle
--
Kalle Svensson, Konsult, Nohup AB
Epost: kalle@nohup.se
Telefon: 08 4587812