|
Size: 2050
Comment: Creating a new user
|
Size: 2226
Comment: Improving new user instructions
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 24: | Line 24: |
| = The kadmin shell = Many Kerberos administration commands are run from a special shell. Enter it as root by running `sudo kadmin.local`. |
|
| Line 28: | Line 32: |
| To add the Kerberos principal for a daemon, run:{{{ | To add the Kerberos principal for a daemon, run this in kadmin:{{{ |
| Line 37: | Line 41: |
| To create a keytab for a daemon, run:{{{ ktadd -k /etc/keytab/$DAEMON.keytab -e "des3-hmac-sha1:normal rc4-hmac:normal" $DAEMON/$HOST}}} |
To create a keytab for a daemon, run this in kadmin:{{{ ktadd -k /etc/keytabs/$DAEMON.keytab -e "des3-hmac-sha1:normal rc4-hmac:normal" $DAEMON/$HOST}}} |
Basic Architecture
Using the shared filesystem involves a combination of LDAP, Kerberos, and OpenAFS. DavorOcelic might fill in more information here. 
File conventions
The /afs tree contains shared filesystems. /afs/hcoop.net (symlinked from /afs/hcoop as well) is our piece of the AFS-o-sphere. Subdirectories include:
/afs/hcoop.net/usr, the home of home directories
/afs/hcoop.net/usr/$USERNAME/home, $USERNAME's home directory
/afs/hcoop.net/common/etc, the home of non-platform-specific fun stuff like DomTool
Connecting to AFS from an HCoop server
I found this handy summary of the commands that must be run:
On our servers, it seems sufficient to run: