Le 02/07/2014 21:15, Benjamin Kaduk a écrit :
On Wed, 2 Jul 2014, Jean-Marc Choulet wrote:
Hello,
Is it possible to change my cell key on all my afs servers. I made a
mistake. I changed the key value with ktadd without -norandkey
Now, I have problem with my AFS filesystem :
root@afs1:~# LANG=C ls /afs/xxxx/users/bjaille2/
ls: cannot open directory /afs/xxxx/users/bjaille2/: Permission denied
That is the expected behavior given what you have done, yes. Clients
that obtain fresh tokens will not be able to authenticate to the AFS
servers.
You need to take the keytab you obtained from the above "ktadd without
-norandkey" and use asetkey to add that key to the appropriate KeyFile
(if it's a 1DES key), or ktutil to add it to the rxkad.keytab
(otherwise).
-Ben
Thank Ben, all works fine :)
We use OpenAFS 1.6.1 on our servers (Debian Wheezy). I think it is not
possible to use rxkad-k5 and rxkad-kdf extensions ?
Jean-Marc
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
