On Mon, 2 May 2022 15:33:24 +0000 <[email protected]> wrote:
> I usually follow the quick start guide > https://docs.openafs.org/QuickStartUnix/HDRWQ50.html in particular. > > It also explains the particulars about the new key file format and key types. > > I have used this method successfully for new AES keys. Just keep in mind the "Quick Start Guide" uses the legacy paths. You will need to translate to the modern style paths used on Debian. (e.g. /etc/openafs/server instead of /usr/afs/etc). Recent versions of OpenAFS have the akeyconvert utility, which is nicer to use than the old asetkey command, since that will sort out the enc types and kvno values for you. Unfortunately, both akeyconvert and asetkey currently require the server side CellServDB and ThisCell files to be present. Those files are normally created and managed by the bosserver, but you'll want to create the key files before running the bosserver. The current workaround is to be sure the /etc/openafs/server/{CellServDB,ThisCell} files are present before running asetkey or akeyconvert. Finally, just to mention, the Ansible Collection for OpenAFS is useful for setting up test cells. The openafs_server role will setup the fileserver and db servers, You can use the "managed" install method to install packages with apt. https://github.com/openafs-contrib/ansible-openafs Thanks, Mike -- Michael Meffie <[email protected]> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
