On Fri, 27 Apr 2012 19:48:19 +0200 Stephan Wiesand <[email protected]> wrote:
> supposed one has to rename an AFS cell (and the krb5 realm responsible
> for authentication), what would be the steps to take? Once the KDCs
> are fully functional for the new realm, is the following sufficient?

I thought renaming a krb5 realm was difficult... isn't the realm name used as part of the salt? Or should I just assume you've already handled this? :)

Renaming the realm isn't required, but I can certainly see why you'd want to.

> 1) shut down all AFS clients, Fileservers, DB servers
> 2) replace all ThisCell & CellServDB files, and the KeyFiles
> 3) start the servers
> 4) start the clients

Whether or not you even need to restart the clients I think depends on how you're using them wrt dynroot. But yeah, I think that's sufficient. We don't really store the cell name in any databases or anything if you're not using kaserver, so a cell doesn't tend to really be aware of what its own name is, aside from the entries in CellServDB/ThisCell.

Technically I think you may be able to just change client configuration, with the servers still thinking the cell name is the old one, and it may at least mostly work. But that's obviously not the recommended way.

I'm sure you're aware that this isn't a very common operation, though, so this process isn't well-tested. I think I've only done something like this once or twice, but I don't remember any special steps required.

--
Andrew Deason
[email protected]
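A way to confirm step 2 on each node before restarting anything, as an added example that is not part of the original message or of OpenAFS: it parses a node's CellServDB and compares it with ThisCell. The function names, the cell names `old.example.org`/`new.example.org` and the addresses are assumptions constructed for illustration; the configuration directory is passed in, and the KeyFile is not inspected.

```python
import tempfile
from pathlib import Path

def parse_cellservdb(text):
    """Parse CellServDB text into {cell_name: [server_address, ...]}."""
    cells, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing "#comment"
        if not line:
            continue
        if line.startswith(">"):              # ">cell.name" opens a cell entry
            fields = line[1:].split()
            current = fields[0] if fields else None
            if current:
                cells.setdefault(current, [])
        elif current:                         # address line under that cell
            cells[current].append(line.split()[0])
    return cells

def check_rename(config_dir, old_cell, new_cell):
    """Return a list of problems found in one node's ThisCell/CellServDB."""
    cfg, problems = Path(config_dir), []
    this_cell = cfg / "ThisCell"
    csdb = cfg / "CellServDB"
    if not this_cell.is_file():
        problems.append("ThisCell missing")
    elif this_cell.read_text().strip() != new_cell:
        problems.append(f"ThisCell is {this_cell.read_text().strip()!r}")
    cells = parse_cellservdb(csdb.read_text()) if csdb.is_file() else {}
    if not cells.get(new_cell):
        problems.append(f"CellServDB has no servers for {new_cell}")
    if old_cell in cells:                     # assumption: old entry is stale
        problems.append(f"CellServDB still lists {old_cell}")
    return problems

def write_node(directory, this_cell, cellservdb):
    """Write constructed sample files for the demo below."""
    Path(directory, "ThisCell").write_text(this_cell + "\n")
    Path(directory, "CellServDB").write_text(cellservdb)

if __name__ == "__main__":
    # Constructed sample: a node where only ThisCell was updated.
    with tempfile.TemporaryDirectory() as d:
        write_node(d, "new.example.org",
                   ">old.example.org  #constructed sample cell\n"
                   "192.0.2.10  #afsdb1.old.example.org\n")
        for p in check_rename(d, "old.example.org", "new.example.org"):
            print("PROBLEM:", p)
```

An empty list from `check_rename` means the node's two files agree on the new cell name; a node that still carries the old name in either file is the half-renamed state described in the reply above.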
