On 12/11/2012 4:30 PM, Steve Gaarder wrote: > On Tue, 11 Dec 2012, Jeffrey Altman wrote: > >> Upgrading your AFS principal from afs@ to afs/math.cornell.edu@ will >> fix this problem >> and shorten the time it takes all AFS clients to obtain afs tokens. >> > Thanks. My next question is: if I do this, will it break existing > sessions using tokens obtained via afs@? Here's how I think I should > make the change: > > 1. Create afs/[email protected] > 2. Store the key in a keytab file > 3. Use asetkey to add the key to the keyfile on each of the AFS servers
AFS does not associate a name with the key. It only associates a key version number with the key. All you need to do is ensure that the key version number for afs/math.cornell.edu does not match one of the existing kvno values in the AFS KeyFile. Please see the "Managing Server Encryption Keys" section of the Administrator Guide. http://docs.openafs.org/AdminGuide/index.html#HDRWQ355.html Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
