Thank you very much for responding. > Your server OS is Windows 2000. What is the AFS Server > version?
IBM AFS v3.5 (works great) > > Our KDC is a Windows server managed by someone else who wants to upgrade > > it, which will probably break krb to the Win2K AFS server. > > Why do you believe this to be true? The KDC/Microsoft SysAdmin knows more about Kerberos than I, & knew the former admin who built the Win2K AFS server & did tweaking of it; he's pretty sure his planned upgrade on the KDC will break this win2K AFS hacked kerberos. So he strongly advises migrating AFS to another platform, & our standard (now) is SL4.5. Seems a good idea to retire a Win2K server anyway. His KDC is currently Win2003, I'm not sure what he wants to upgrade. But he's quite sure the tweaked kerberos used by the Win2K server will break. All How-to AFS-server doc found so far seems to expect the AFS admin is full KDC admin (and on Unix too). But I have no access to our microsoft KDC - am 'just a customer' of it. > > I found a KeyFile on the Win2K AFS server (type data), > > The KeyFile is the AFS file that contains the AFS keys. > All servers in the AFS cell must have a copy of it. This is not a keytab > file. Thank you for that info! What is done then with the type=data Keyfile from a Win2K IBM AFS 3.5 server on an SL4.5 mirrored AFS server? Is it possible to setup a secondary AFS server 'peer' or 'mirror'?? Does anyone know or can point to any info? There is doc on how to build a secondary database server, but will that have 'everything' to take over so the first server can be shut down? Otherwise the SL4.5 server needs to be built in a wholly test AFS domain then rebuilt in a maint outage as 'real' server. Should the standard path be /etc/openafs, or /usr/afs as the rpm installs? Very grateful for any help! Send instant messages to your online friends http://uk.messenger.yahoo.com _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
