Create the Kerberos AFS service key and export it to a keytab file:
# cellname=<cellname>
- # kadmin.local -q "addprinc -randkey afs/${cellname}"
- # kadmin.local -q "ktadd -k /usr/afs/etc/rxkad.keytab afs/${cellname}"
+ # kadmin.local -q "addprinc -randkey -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal afs/${cellname}"
+ # kadmin.local -q "ktadd -k /usr/afs/etc/rxkad.keytab -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal afs/${cellname}"
+
+where `<cellname>` is the name of your cell. Make note of the key version number (kvno) as it is needed for the next step where it shows `<kvno>`.
+
+ # asetkey add rxkad_krb5 <kvno> 18 /usr/afs/etc/rxkad.keytab afs/${cellname}
+ # asetkey add rxkad_krb5 <kvno> 17 /usr/afs/etc/rxkad.keytab afs/${cellname}
-where `<cellname>` is the name of your cell.
If your Kerberos REALM name is different from your cell name add your upper case
REALM name in /usr/afs/etc/krb.conf, else you will not know why your cell does not work!
git://git.openafs.org / openafs-wiki.git / blobdiff