If you are working with an existing cell which uses kaserver or Kerberos v4 for authentication, please see Initializing Cell Security with kaserver for installation instructions which replace this section.
Now finish initializing the cell's security mechanisms. Begin by creating the following entry in your site's Kerberos database:
A generic administrative account, called admin by convention. If you choose to assign a different name, substitute it throughout the remainder of this document.
After you complete the installation of the first machine, you can continue to have all administrators use the admin account, or you can create a separate administrative account for each of them. The latter scheme implies somewhat more overhead, but provides a more informative audit trail for administrative operations.
You also issue several commands that enable the new admin user to issue privileged commands in all of the AFS suites.
The following instructions do not configure all of the security mechanisms related to the AFS Backup System. See the chapter in the OpenAFS Administration Guide about configuring the Backup System.
The examples below assume you are using MIT Kerberos. Please refer to the documentation for your KDC's administrative interface if you are using a different vendor
Enter kadmin interactive mode.
# kadmin Authenticating as principal
YOUR REALMwith password Password for
Issue the add_principal command to create the Kerberos Database entry for admin.
You should make the
long and complex as possible, but keep in mind that administrators
need to enter it often. It must be at least six characters long.
kadmin: add_principal admin Enter password for principal "admin@
Issue the quit command to leave kadmin interactive mode.
Issue the bos adduser command to add the admin user to the /usr/afs/etc/UserList file. This enables the admin user to issue privileged bos and vos commands.
# ./bos adduser <
machine name> admin -localauth