Administration Reference


[Return to Library] [Contents] [Previous Topic] [Bottom of Topic] [Next Topic] [Index]

KeyFile

Purpose

Defines AFS server encryption keys

Description

The KeyFile file defines the server encryption keys that the AFS server processes running on the machine use to decrypt the tickets presented by clients during the mutual authentication process. AFS server processes perform privileged actions only for clients that possess a ticket encrypted with one of the keys from the file. The file must reside in the /usr/afs/etc directory on every server machine. For more detailed information on mutual authentication and server encryption keys, see the IBM AFS Administration Guide.

Each key has a corresponding a key version number that distinguishes it from the other keys. The tickets that clients present are also marked with a key version number to tell the server process which key to use to decrypt it. The KeyFile file must always include a key with the same key version number and contents as the key currently listed for the afs entry in the Authentication Database.

The KeyFile file is in binary format, so always use the appropriate commands from the bos command suite to administer it:

In cells that run the United States edition of AFS and use the Update Server to distribute the contents of the /usr/afs/etc directory, it is customary to edit only the copy of the file stored on the system control machine. In cells that run the international version of AFS, edit the file on each server machine individually.

Related Information

bos addkey

bos listkeys

bos removekey

kas setpassword

upclient

upserver

IBM AFS Administration Guide


[Return to Library] [Contents] [Previous Topic] [Top of Topic] [Next Topic] [Index]



© IBM Corporation 2000. All Rights Reserved