Jeff Blaine wrote:
> Something I've never been very clear on as part of the
> conversion to Kerberos 5: The whole asetkey and afs
> principal operation.
>
> Could anyone explain what is going on there in detail
> for my (and everyone's) understanding/documentation?

Hi Jeff,

Here is my (possibly flawed) understanding of the background:

The [EMAIL PROTECTED] Kerberos principal is the crypto key that all AFS servers
use to talk to one another. A client authenticates to Kerberos and then
runs aklog to get a ticket for the AFS service. It does this by
asking the KDC for the afs/[EMAIL PROTECTED], then [EMAIL PROTECTED] service
principals, using whichever is found first.

The key for the afs/[EMAIL PROTECTED] principal or [EMAIL PROTECTED] principal is used
by all AFS servers and resides in the Keyfile. The asetkey command takes
the Kerberos keytab for the Kerberos afs principal and stores it in the
Keyfile in a format that the AFS server understands.

Someone please correct me if I'm wrong.

Jason
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info