>Let me be a little clearer about what I want to do: (These questions are I believe answered in the migration kit documentation, but to cover them briefly here, since you'll have to read a fair amount to get to them).
>This is a brand new cell and realm: there is no existing data to be >migrated. So do I just need an afs@REALM principal on the KDC, and >ka-forwarder in place on the OpenAFS machines? Yup. Well, one additional thing: you'll need to place that service key on your database/fileservers ... and make sure it's the SAME key on all machines (just don't run ktadd on each machine). You can't put it in a regular keytab; you need to put it into a special "keyfile", and the tool asetkey will do that. Also note you'll need to make sure it's a des-cbc-crc key, not a 3des key. >There are no preexisting >keys or kvnos that I have; do I still need to create them with kaserver >and then migrate them, or can I just create them on the KDC? Just create them on the KDC. >Do I just >skip creating the kaserver with bos and instead create a ka-forwarder? Yup. --Ken _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
