KeyFile - Defines AFS server encryption keys
The KeyFile file defines the server encryption keys that the AFS server
processes running on the machine use to decrypt the tickets presented
by clients during the mutual authentication process. AFS server
processes perform privileged actions only for clients that possess a
ticket encrypted with one of the keys from the file. The file must
reside in the /etc/openafs/server directory on every server machine.
For more detailed information on mutual authentication and server
encryption keys, see the IBM AFS Administration Guide.
Each key has a corresponding a key version number that distinguishes it
from the other keys. The tickets that clients present are also marked
with a key version number to tell the server process which key to use
to decrypt it. The KeyFile file must always include a key with the same
key version number and contents as the key currently listed for the
"afs" entry in the Authentication Database.
The KeyFile file is in binary format, so always use the appropriate
commands from the bos command suite to administer it:
· The bos addkey command to define a new key.
· The bos listkeys command to display the keys.
· The bos removekey command to remove a key from the file.
In cells that use the Update Server to distribute the contents of the
/etc/openafs/server directory, it is customary to edit only the copy of
the file stored on the system control machine. Otherwise, edit the file
on each server machine individually.
bos_addkey(8), bos_listkeys(8), bos_removekey(8), kas_setpassword(8),
IBM AFS Administration Guide
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.