From 89328822305dcac5ea26e168ece5407bee002ef0 Mon Sep 17 00:00:00 2001
From: "https://jhavard.wordpress.com/" <jhavard@web>
Date: Mon, 3 Jun 2019 13:43:24 -0400
Subject: [PATCH 1/1] Modified to match
 http://docs.openafs.org/QuickStartUnix/HDRWQ50.html#idm45731875295408 which
 is verified to be necessary on a stock CentOS 7 system

---
 admin/InstallingOpenAFSonRHEL.mdwn | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/admin/InstallingOpenAFSonRHEL.mdwn b/admin/InstallingOpenAFSonRHEL.mdwn
index a26c1b6..edc3f81 100644
--- a/admin/InstallingOpenAFSonRHEL.mdwn
+++ b/admin/InstallingOpenAFSonRHEL.mdwn
@@ -193,10 +193,14 @@ Use `yum` to install the OpenAFS server packages:
 Create the Kerberos AFS service key and export it to a keytab file:
 
     # cellname=<cellname>
-    # kadmin.local -q "addprinc -randkey afs/${cellname}"
-    # kadmin.local -q "ktadd -k /usr/afs/etc/rxkad.keytab afs/${cellname}"
+    # kadmin.local -q "addprinc -randkey -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal afs/${cellname}"
+    # kadmin.local -q "ktadd -k /usr/afs/etc/rxkad.keytab -e aes256-cts-hmac-sha1-96:normal,aes128-cts-hmac-sha1-96:normal afs/${cellname}"
+
+where `<cellname>` is the name of your cell.  Make note of the key version number (kvno) as it is needed for the next step where it shows `<kvno>`.
+
+    # asetkey add rxkad_krb5 <kvno> 18 /usr/afs/etc/rxkad.keytab afs/${cellname}
+    # asetkey add rxkad_krb5 <kvno> 17 /usr/afs/etc/rxkad.keytab afs/${cellname}
 
-where `<cellname>` is the name of your cell.
 
 If your Kerberos REALM name is different from your cell name add your upper case
 REALM name in /usr/afs/etc/krb.conf, else you will not know why your cell does not work!
-- 
1.9.4