To: choon Cc: accounts@mit.edu Reply-To: accounts@mit.edu In-Reply-To: [274342] Subject: Srvtab created for "rose.mit.edu" Date: Fri, 20 Aug 2004 12:59:15 -0400 From: Laura Baldwin Hello there! I have created the srvtab you requested for rose. To get the srvtab do the following: attach accounts cd /mit/accounts/srvtabs/FOR_CHOON and then 'cp' it to where you want it (/etc/athena/srvtab is the default location on many platforms and it should be mode 400 owned by root). (Note: You may need to cp the srvtab file from afs to an intermediate location, such as /tmp/srvtab, su to root and then cp to /etc/athena/srvtab) As root do the following chown root /etc/athena/srvtab chmod 400 /etc/athena/srvtab Once you move a srvtab into place, you should change its version. The AFS copy is not completely secure, so changing the version makes certain that an unauthorized user doesn't end up with a valid key. To change the version of the srvtab, type: /usr/athena/bin/ksrvutil change -f /etc/athena/srvtab You should receive something like: Principal: rcmd.@ATHENA.MIT.EDU; version 1 Changing to version 2. Key changed. Old keyfile in /etc/athena/srvtab.old. Please delete the srvtab file from AFS after you have successfully installed it on the target system. The srvtab file in AFS will be useless once you have run 'ksrvutil change' as noted above. You can also create a kerberos 5 keytab so your machine can accept kerberos 5 connections. You can create the keytab from the srvtab I generated by doing: /usr/athena/etc/ktutil This will give you the ktutil: prompt. At the ktutil: prompt, type: rst /etc/athena/srvtab wkt /etc/krb5.keytab Type quit to end ktutil. If you have any questions, please don't hesitate to contact us. Thanks, Laura Baldwin Athena User Accounts accounts@mit.edu (617) 253-1325 http://web.mit.edu/accounts/www/ Office Location: N42-140 Hours: Mon, Wed, Fri 2PM-5PM Tues and Thurs 9AM-12 Noon