
Re: Problems getting an AFS keyfile

On Mon, Nov 20, 2000 at 11:58:23AM +0100, Torbjörn Moa wrote:
> What is the best way to get an AFS+heimdal installation working, given
> that neither has been installed before so there are no databases to
> convert etc?

To get the keys set up, I'd suggest using bos addkey and string2key, which
will look something like this:

$ bos addkey afsserver -kvno 2 -cell physto.se
Input key: <afs passwd>
Retype input key: <afs passwd>
$ string2key -a
AFS cell: physto.se
Password: <afs passwd>
AFS key: 5e8cd0dc8394ecad
$ kadmin ank --key=5e8cd0dc8394ecad afs
Max ticket life [unlimited]:
Max renewable life [unlimited]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:

Please note that -kvno is 2. I'm not entirely sure why, but it works for me.
If it doesn't work for you, check the kvno in heimdal.

> [libdefaults]
>         default_realm = PHYSTO.SE
> [realms]
>         PHYSTO.SE = {
>                 kdc = kdc.physto.se
>                 admin_server = kerberos.physto.se
>         }
> [domain_realm]
>         .physto.se = PHYSTO.SE
> [kdc]
>         enable-kerberos4 = yes
>         v4-realm = PHYSTO.SE
>         enable-kaserver = yes

I'd also add
	default_keys = des:pw-salt: afs3-salt:physto.se
to help with AFS-salting the keys.

Kalle Svensson, Consultant, Nohup AB
Email: kalle@nohup.se
Phone: 08 4587812