Hi everyone, I need to rotate the password/keytab for our AFS service principal. We're using OpenAFS 1.6.15 with rxkad.keytab (no KeyFile) and MIT Kerberos on the KDC.
I'm looking for some guidance on how to do that. It looks like the 'ktadd' command in kadmin doesn't allow you to keep old passwords. My plan is to use ktutil to construct a new keytab, deploy the new keytab (current and future keys) to the file/cell servers, then change the password on the KDC. When changing the password, do I need to use the '-keepold' option to cpw? What other gotchas can I expect? Does this require a service outage or is it seam-less for users? Thanks, Jason --------------------------------------------------------------------------- Jason Edgecombe | Linux Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 [email protected] | http://engr.uncc.edu | Facebook --------------------------------------------------------------------------- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you.
