John:

If you want to preserve a little bit more of the metadata in the kaserver database when converting to Kerberos 5, take a look at:

        
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.86/SOURCES/afs-krb5-2.0-betterka2dump.patch


This is a patch against 'afs2k5db' which does the following:

        - preserves the semantics of the 'NOTGS' flag in ka entries

        - preserves the 'password last changed' timestamp

        - uses the correct value for password expiration time (0 means
                never, not 2145830400)




You can also use the following script on top of that:

        
http://www-personal.engin.umich.edu/~wingc/openafs/dist/1.3.86/SOURCES/kas-kdb-merge.pl



which will merge back in the information about which user last modified a given ka database entry. Otherwise this information will be lost when you convert to krb5.

The script would be used as follows:


        kas list -long >/tmp/kas_output.txt

        afs2k5db /usr/afs/db/kasrver.0 >/tmp/krb5-dumpfile

        ./kas-kdb-merge.pl /tmp/krb5-dumpfile /tmp/kas_output.txt YOUR.REALM.NAME >/tmp/final-krb5-database





This is only important if you care about preserving as much information as possible from the original kaserver database; you can use the unpatched afs2k5db as-is without any problems.


-Chris Wing
[EMAIL PROTECTED]
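
The three steps above wrapped in a POSIX shell function, as an added example that is not part of the original message or of the patch author's scripts. It writes the intermediate files to a private `mktemp` directory under `umask 077` instead of fixed names in `/tmp`, because the converted dump carries key data for every principal. `convert_kadb`, `KA_DB`, `MERGE` and the `ka2krb5` directory prefix are assumed names.

```shell
#!/bin/sh
# Added example. KA_DB, MERGE and convert_kadb are assumed names.
KA_DB=${KA_DB:-/usr/afs/db/kasrver.0}   # database path as written in the message
MERGE=${MERGE:-./kas-kdb-merge.pl}      # merge script from the message

# convert_kadb REALM
# Runs the three steps and prints the path of the merged dump on stdout.
# The body is a subshell, so umask and exit do not affect the caller.
convert_kadb() (
    realm=$1
    work=
    fail() {
        echo "convert_kadb: $1" >&2
        [ -n "$work" ] && rm -rf "$work"   # leave no partial key data behind
        exit 1
    }
    [ -n "$realm" ] || { echo "usage: convert_kadb REALM" >&2; exit 2; }

    umask 077                              # new files: owner read/write only
    work=$(mktemp -d "${TMPDIR:-/tmp}/ka2krb5.XXXXXX") || fail "mktemp failed"

    # Step 1: long listing, the input the merge script reads.
    kas list -long >"$work/kas_output.txt" || fail "kas list failed"
    # Step 2: convert the kaserver database to a krb5 dump.
    afs2k5db "$KA_DB" >"$work/krb5-dumpfile" || fail "afs2k5db failed"
    # Step 3: merge the last-modified information back into the dump.
    "$MERGE" "$work/krb5-dumpfile" "$work/kas_output.txt" "$realm" \
        >"$work/final-krb5-database" || fail "merge failed"

    # An empty file means a step silently produced nothing.
    for f in kas_output.txt krb5-dumpfile final-krb5-database; do
        [ -s "$work/$f" ] || fail "empty output: $f"
    done
    printf '%s\n' "$work/final-krb5-database"
)
```

Remove the work directory once the final dump has been loaded into the new KDC.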



I finally have a few days to migrate our cell from AFS-KRB to Kerb5.
We have a few hundred users and I'd like to migrate the cell without
too much disruption.  Looking at the AFS wiki, I find
  - dead links to Ken Hornstein's AFS-KRB 5 migration kit
   (the FTP server doesn't exist any more?)
  - dead links to Schulz at Karlsruhe's info on migration
  - a live AFS file (date 2001) on using KTH Heimdal's Krb5
Has the train left the station long ago?
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
