KeyFile - Defines AFS3 server rxkad encryption keys (deprecated)
The KeyFile file stores the server encryption keys that the AuriStor File System services use to decrypt 56-bit rxkad tokens presented by clients when authenticating network connections. Use of rxkad tokens is deprecated, and KeyFile exists solely to permit migration from IBM AFS and OpenAFS cells that rely upon them.
The KeyFile file must reside in the /usr/local/etc/yfs/server directory on every server machine. An empty KeyFile consists of four zero bytes.
If the current key listed for the afs/cell service principal in the associated Kerberos v5 realm defines an encryption key of type des-cbc-crc, des-cbc-md5 or des-cbc-md4, then the KeyFile file must include a key with the same key version number and contents as the current key.
The KeyFileExt file is in binary format, so always use the asetkey(8) command to administer it:
The asetkey add command to add a new key.
The asetkey list command to display the keys.
The asetkey delete command to remove a key from the file.
The asetkey commands must be run on the same server as the KeyFile file to update. New rxkad keys should be added from a Kerberos v5 keytab using asetkey add rxkad kvno all keytab-file principal.
The most common errors caused by changes to KeyFile are:
adding an rxkad key that does not match the corresponding key for the Kerberos v5 principal. Both the key and the key version number must match the key for the corresponding principal, afs/cell, in the Kerberos v5 realm.
failing to synchronize the contents of the KeyFile file across all AuriStor File System servers.
replacing KeyFile with a zero length file.
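A preflight check for two of the errors listed above (a zero-length KeyFile and copies that have drifted apart), as an added example that is not AuriStor's code. The function names keyfile_state and keyfile_check and the optional reference-copy argument are assumptions; the check relies only on the statement that an empty KeyFile is four zero bytes, and it never parses or prints key material.

```shell
#!/bin/sh
# Added example (not part of the AuriStor distribution).
# Classifies a KeyFile by size and content only; key bytes are never displayed.

# keyfile_state FILE -> prints: missing | zero-length | empty | populated
keyfile_state() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        # The error case named on this page: a zero-length file.
        echo zero-length
    elif [ "$size" -eq 4 ] &&
         [ "$(od -An -tx1 "$f" | tr -d ' \n')" = "00000000" ]; then
        # A valid empty KeyFile: exactly four zero bytes.
        echo empty
    else
        echo populated
    fi
}

# keyfile_check FILE [REFERENCE] -> returns 0 if acceptable, 1 otherwise.
# REFERENCE (assumption) is a local copy of another server's KeyFile;
# cmp -s compares byte for byte without emitting any content.
keyfile_check() {
    state=$(keyfile_state "$1")
    case $state in
        missing|zero-length)
            echo "FAIL: $1 is $state" >&2
            return 1 ;;
    esac
    if [ -n "${2:-}" ] && ! cmp -s "$1" "$2"; then
        echo "FAIL: $1 differs from reference $2" >&2
        return 1
    fi
    echo "OK: $1 is $state"
}

# Usage: keyfile_check /usr/local/etc/yfs/server/KeyFile [reference-copy]
```

The check cannot tell whether a populated KeyFile matches the afs/cell principal's key and key version number; confirm that with asetkey list.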
KeyFileExt(5), asetkey(8), upclient(8), upserver(8)
Copyright AuriStor, Inc. 2014-2024. https://www.auristor.com/ All Rights Reserved.