>The concepts. The mechanics I can follow (and have). > >I just think it would be great to have a very clear >description of what those few steps are all about >(for my documentation which I intend to make as clear >as possible for everyone and share).
Well ... this gets back into the overlap between Kerberos and AFS. Let me ask you this: do you understand how Kerberos works? Why you need to create service principals for Kerberized services? If the answer to both of these questions is "yes", then the short answer to your question is due to historical concerns, the service key for AFS is stored in it's own file and asetkey is used to bridge the gap between the Kerberos keytab and the AFS KeyFile. If the answer to the questions I have asked is "no", then the best thing you should do is read up on how Kerberos authentication works. That's not meant to be flippant; it's just that any explanation I could give you now would be rather short and incomplete. Once you understand how Kerberos works, then the purpose of the AFS principal and the KeyFile should be obvious. --Ken _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
