This short document describes how to set up additional user kerberos/AFS identities. This example shows the creation of a 'toby/cron' identity.

First, create the kerberos identity, the -p option is the principal you will authenticate as (i.e. your admin principal), the -t option indicates where the keytab should be placed.

$ kdcregister -p toby/admin -t /tmp/toby-cron.keytab toby/cron@INF.ED.AC.UK

Now, copy the keytab to the appropriate machine/location. Note that you can run the above command as root if you want to put the keytab directly into a protected part of the filesystem (e.g. /etc).

Next, create the corresponding AFS identity. The argument supplied to -name should be the principal name with the '/' replaced with a '.' The numerical id should be obtained from AFSAdminUids

$ asu
$ pts createuser -name toby.cron -id 28214

-- TobyBlake - 09 Dec 2010

Topic revision: r1 - 09 Dec 2010 - 14:42:48 - TobyBlake
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies