If you are working with an existing cell which uses kaserver or Kerberos v4 for authentication, please see Initializing Cell Security with kaserver for installation instructions which replace this section.
Now finish initializing the cell's security mechanisms. Begin by creating the following entry in your site's Kerberos database:
A generic administrative account, called admin by convention. If you choose to assign a different name, substitute it throughout the remainder of this document.
After you complete the installation of the first machine, you can continue to have all administrators use the admin account, or you can create a separate administrative account for each of them. The latter scheme implies somewhat more overhead, but provides a more informative audit trail for administrative operations.
You also issue several commands that enable the new admin user to issue privileged commands in all of the AFS suites.
The following instructions do not configure all of the security mechanisms related to the AFS Backup System. See the chapter in the OpenAFS Administration Guide about configuring the Backup System.
The examples below assume you are using MIT Kerberos. If you are using a different vendor's KDC, refer to the documentation for its administrative interface.
Enter kadmin interactive mode.

# kadmin
Authenticating as principal you/admin@YOUR REALM with password
Password for you/admin@REALM: your_password
Issue the add_principal command to create the Kerberos Database entry for admin.
You should make the admin_password as long and complex as possible, but keep in mind that administrators need to enter it often. It must be at least six characters long.
kadmin: add_principal admin
Enter password for principal "admin@REALM": admin_password
Principal "admin@REALM" created.
Issue the quit command to leave kadmin interactive mode.
kadmin: quit
Issue the bos adduser command to add the admin user to the /usr/afs/etc/UserList file. This enables the admin user to issue privileged bos and vos commands.
# ./bos adduser <machine name> admin -localauth
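As an added example (not part of the OpenAFS guide), the same steps written as an idempotent shell script that checks whether the admin principal and the UserList entry already exist before creating them, so it can be re-run safely. The server name, the bos path and the ADMIN/USERLIST defaults are assumptions; kadmin -q is MIT kadmin's one-shot command mode.

```shell
#!/bin/sh
# Added example, not from the OpenAFS guide. Assumes MIT Kerberos kadmin on PATH
# and that the script runs as root on the server machine so -localauth works.
set -eu

SERVER="${SERVER:-fs1.example.com}"        # placeholder; substitute your machine name
ADMIN="${ADMIN:-admin}"                    # generic administrative account
USERLIST="${USERLIST:-/usr/afs/etc/UserList}"
BOS="${BOS:-/usr/afs/bin/bos}"             # assumed install location of bos

# The guide requires the admin password to be at least six characters long.
# Returns 0 when the candidate password meets that minimum.
password_long_enough() {
    [ "${#1}" -ge 6 ]
}

# UserList holds one principal name per line; report whether NAME is listed.
# Exact-line matching avoids treating "admin2" as a match for "admin".
userlist_contains() {
    file="$1"; name="$2"
    [ -r "$file" ] && grep -qx "$name" "$file"
}

# Create the admin principal only if the KDC does not already know it.
# kadmin still prompts for your own admin password, as in the interactive session.
ensure_admin_principal() {
    if kadmin -q "get_principal $ADMIN" >/dev/null 2>&1; then
        echo "principal $ADMIN already exists"
    else
        kadmin -q "add_principal $ADMIN"
    fi
}

# Grant bos/vos privileges by adding admin to UserList, skipping it when present.
ensure_admin_in_userlist() {
    if userlist_contains "$USERLIST" "$ADMIN"; then
        echo "$ADMIN already listed in $USERLIST"
    else
        "$BOS" adduser "$SERVER" "$ADMIN" -localauth
    fi
}
```

Run ensure_admin_principal and then ensure_admin_in_userlist on the first server machine; each reports when the step has already been done.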