Initializing Cell Security

If you are working with an existing cell which uses kaserver or Kerberos v4 for authentication, please see Initializing Cell Security with kaserver for installation instructions which replace this section.

Now finish initializing the cell's security mechanisms. Begin by creating the following entry in your site's Kerberos database:

You also issue several commands that enable the new admin user to issue privileged commands in all of the AFS suites.

The following instructions do not configure all of the security mechanisms related to the AFS Backup System. See the chapter in the OpenAFS Administration Guide about configuring the Backup System.

The examples below assume you are using MIT Kerberos. If you are using a different vendor, please refer to the documentation for your KDC's administrative interface.

  1. Enter kadmin interactive mode.

       # kadmin
       Authenticating as principal you/admin@YOUR REALM with password
       Password for you/admin@REALM: your_password

  2. Issue the add_principal command to create the Kerberos Database entry for admin.

    You should make the admin_password as long and complex as possible, but keep in mind that administrators need to enter it often. It must be at least six characters long.

       kadmin:  add_principal admin
       Enter password for principal "admin@REALM": admin_password
       Principal "admin@REALM" created.

  3. Issue the quit command to leave kadmin interactive mode.

       kadmin: quit

  4. Issue the bos adduser command to add the admin user to the /usr/afs/etc/UserList file. This enables the admin user to issue privileged bos and vos commands.

       # ./bos adduser <machine name> admin -localauth
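Every name in UserList can issue privileged bos and vos commands, so after step 4 the file is worth comparing against the set of administrators you expect. The shell function below is an added example, not part of the OpenAFS documentation; the function name audit_userlist is hypothetical, and it assumes the file holds one name per line.

```shell
#!/bin/sh
# Added example: compare an AFS UserList file with the expected admin names.
# Assumption: the file holds one name per line.

# audit_userlist FILE NAME...
# Prints "unexpected: X" for entries in FILE that are not among NAME...,
# and "missing: X" for each NAME absent from FILE.
# Returns 0 if the sets match, 1 if they differ, 2 if FILE is unreadable.
audit_userlist() {
    file=$1
    shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Normalise the file: strip whitespace and drop blank lines.
    entries=$(tr -d ' \t\r' < "$file" | grep -v '^$' || true)
    status=0
    while IFS= read -r entry; do
        if [ -z "$entry" ]; then continue; fi
        found=no
        for name in "$@"; do
            if [ "$entry" = "$name" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "unexpected: $entry"
            status=1
        fi
    done <<EOF
$entries
EOF
    for name in "$@"; do
        if ! printf '%s\n' "$entries" | grep -qxF -- "$name"; then
            echo "missing: $name"
            status=1
        fi
    done
    return $status
}

# Constructed sample: a UserList holding admin plus a leftover account.
sample=$(mktemp)
printf 'admin\nolduser\n' > "$sample"
audit_userlist "$sample" admin || echo "UserList differs from the expected set"
rm -f "$sample"
```

On a file server, pass the path from step 4 as the first argument: `audit_userlist /usr/afs/etc/UserList admin`.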