3 KeyFile - Defines AFS server encryption keys
7 The KeyFile file defines the server encryption keys that the AFS
8 server processes running on the machine use to decrypt the tickets presented
9 by clients during the mutual authentication process. AFS server
10 processes perform privileged actions only for clients that possess a ticket
11 encrypted with one of the keys from the file. The file must reside in
12 the B</usr/afs/etc> directory on every server machine. For more
13 detailed information on mutual authentication and server encryption keys, see
14 the I<IBM AFS Administration Guide>.
16 Each key has a corresponding a key version number that distinguishes it
17 from the other keys. The tickets that clients present are also marked
18 with a key version number to tell the server process which key to use to
19 decrypt it. The B<KeyFile> file must always include a key with
20 the same key version number and contents as the key currently listed for the
21 B<afs> entry in the Authentication Database.
23 The KeyFile file is in binary format, so always use the
24 appropriate commands from the B<bos> command suite to administer
31 The bos addkey command to define a new key
36 The bos listkeys command to display the keys
41 The bos removekey command to remove a key from the file
46 In cells that run the United States edition of AFS and use the Update
47 Server to distribute the contents of the B</usr/afs/etc> directory, it
48 is customary to edit only the copy of the file stored on the system control
49 machine. In cells that run the international version of AFS, edit the
50 file on each server machine individually.
57 L<kas_setpassword(1)>,
61 I<IBM AFS Administration Guide>
65 IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
67 This documentation is covered by the IBM Public License Version 1.0. It was
68 converted from HTML to POD by software written by Chas Williams and Russ
69 Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
git://git.openafs.org / openafs.git / blob