This is why we strongly recommend that the afs/cell@REALM form of service tickets be used in all cases. afs/cell can be used with Kerberos referrals and when dns realm hierarchies must be searched.
A sanity check on this would be greatly appreciated. I've shot myself in the foot before here (a few times). So then to migrate from afs@REALM to afs/cell@REALM without interruption: 1. Create afs/cell@REALM just as afs@REALM was 2. Extract keytab for afs/cell@RALM 3. Add key(s) for afs/cell@RALM to OpenAFS KeyFile on "etc" upserver 4. After at least "max ticket lifetime", remove the old key from KeyFile and also remove the principal from KDC. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
