All,
The kerberos 5 upgrade went well yesterday.
We now have a Kerberos 5 database in production. Thanks to all of you
who tested and helped out.
Just some details for those of you who want to use the K5 database. (No
changes are required for legacy afs systems.)
afsdb0.cl.msu.edu is still the main database, it runs the Kerberos
database as well as the remaining afs databases.
afsdb1.cl.msu.edu is the backup Kerberos database (sometimes referred to
as the slave database)
If afsdb0 is offline for any reason authentication will continue but
since the backup database is read-only users can't be added or passwords
reset.
The database is propagated hourly.
You must list afsdb1 in your config files in order to make the backup
database available to your systems (Kerberos 4 and 5 only).
I am including a suggested krb5.conf file.
##############################
[libdefaults]
default_realm = MSU.EDU
clockskew = 300
[realms]
MSU.EDU = {
kdc = afsdb0.cl.msu.edu
kdc = afsdb1.cl.msu.edu
admin_server = afsdb0.cl.msu.edu:749
kpasswd_server = afsdb0.cl.msu.edu
default_domain = MSU.EDU
}
###################################
Here is a sample krb.conf file (for k4 compatability)
###################################
MSU.EDU
MSU.EDU afsdb0.cl.msu.edu admin server
MSU.EDU afsdb1.cl.msu.edu
#################################
/sd
--
Steve Devine
Storage Systems
Academic Computing & Network Services
Michigan State University
301 Computer Center
East Lansing, MI 48824-1042
1-517-432-7327
Baseball is ninety percent mental; the other half is physical.
- Yogi Berra
