Script for KRB5 cold install (SuSE Linux):

########### clear out all key files
rm /usr/afs/etc/KeyFile
rm /etc/krb5.keytab
cd /var/lib/kerberos/krb5kdc
rm .k5.HOME.TED-DORIS.FAM principal* kadm5.keytab
# note: kadm5.keytab is created on first startup of server

# create database and stash
kdb5_util create -r HOME.TED-DORIS.FAM -s
### creates files: .k5.HOME.TED-DORIS.FAM principal.*

############ add kadmin principals
############ add host server (need IP address for some reason on dual homed nome.home.ted-doris.fam)
kadmin.local -q "ank -randkey -k /etc/krb5.keytab host/10.1.1.193"
kadmin.local -q "ank -randkey kadmin/[EMAIL PROTECTED]"
WRFILE:/var/lib/kerberos/krb5kdc/kadm5.keytab.

########### add kadmin principals to kadmin keytab
kadmin.local -q "ktadd -k /var/lib/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw"

########### check that kadm5.keytab was created
ktutil
ktutil:  ?
ktutil:  rkt kadm5.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 kadmin/[EMAIL PROTECTED]
   2    3 kadmin/[EMAIL PROTECTED]
   3    3 kadmin/[EMAIL PROTECTED]
   4    3 kadmin/[EMAIL PROTECTED]
   5    3 kadmin/[EMAIL PROTECTED]
   6    3 kadmin/[EMAIL PROTECTED]
   7    3 kadmin/[EMAIL PROTECTED]
   8    3 kadmin/[EMAIL PROTECTED]

############ add admin principals
kadmin.local -q "addprinc admin"
kadmin.local -q "addprinc admin/admin"

############ add afs server
kadmin.local -q "addprinc -randkey [EMAIL PROTECTED]"

############ start all servers
./startkrb.sh
Starting Kerberos 5 Admin Server          done
Starting Kerberos 5 KDC                   done
Starting Kerberos 5-to-4 Server           done

############ add single des key to /etc/krb5.keytab
# note: des-cbc-crc is single DES, a weak enctype, and this key protects the
# whole AFS cell: keep /etc/krb5.keytab and /usr/afs/etc/KeyFile readable by
# root only. Later OpenAFS releases support stronger enctypes for this key.
kadmin.local -q "ktadd -k /etc/krb5.keytab -e des-cbc-crc:normal afs"

############ verify key version number (kvno) with ktutil
ktutil
ktutil:  rkt /etc/krb5.keytab
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    3 [EMAIL PROTECTED]

############ move key 3 to /usr/afs/etc/KeyFile
asetkey add 3 /etc/krb5.keytab afs
Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab

########### verify login and access to afs
kinit admin
Password for [EMAIL PROTECTED]:****
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
12/05/06 13:41:37  12/06/06 13:41:37  krbtgt/[EMAIL PROTECTED]

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

# get afs tokens
aklog
## should now see directories below /afs such as /afs/.home.ted-doris.fam, etc.
ls /afs/
