On Wed, Sep 14, 2022 at 05:36:00PM +0100, Jose M Calhariz wrote:
> Hi
> 
> I am creating a new OpenAFS cell for testing purposes and found the
> file README.server.gz with some instructions a bit out of date.
> This makes the new cell setup difficult for an inexperienced OpenAFS
> sysadmin.
> 
> As I found a similar problem with OpenAFS in Debian 11, I think this
> bug is still relevant.

Yes, it is still relevant, thank you for reporting it.

> To set up the new cell I used these commands:
> 
> On krb server:
> 
> kadmin.local
> addprinc -randkey -e aes256-cts-hmac-sha1-96 afs
> ktadd -k /root/rxkad.keytab afs
> getprinc afs
> quit
> 
> On afs server:
> 
> mv rxkad.keytab /etc/openafs/server/rxkad.keytab
> touch /etc/openafs/server/KeyFile
> 
> 
> The touch KeyFile is to work around a small bug in the afs-newcell command,
> which still searches for an old KeyFile with DES material.

I'm preparing an upload that attempts to update the documentation to use
afs/cell.name and the Kerberos interactions for rxkad-k5.
The documentation will include using `akeyconvert` (or `asetkey`) after
creating /etc/openafs/server/rxkad.keytab -- the postinst currently runs
akeyconvert but I had intended that to only be an aid for the rxkad-k5
transition rather than a permanent feature.

-Ben
