X-Git-Url: https://sipb.mit.edu/gitweb.cgi/wiki.git/blobdiff_plain/df46ba5c5c502b968b148f369616275846ddfb14..3f557f542c24d8f8ea9c4be5752656799abe38fb:/doc/root-instance.mdwn?ds=sidebyside diff --git a/doc/root-instance.mdwn b/doc/root-instance.mdwn index e4efed5..d3bc5ee 100644 --- a/doc/root-instance.mdwn +++ b/doc/root-instance.mdwn @@ -47,9 +47,7 @@ your Athena account. You can also make things in Moira or AFS owned by your root instance, if you don't want your null instance to be able to mess with mailing lists or lockers. For Moira, make them owned by -`KERBEROS:yourname.root@ATHENA.MIT.EDU`. (For legacy Kerberos 4 reasons, -Moira and AFS both use a dot instead of a slash to separate the -principal and the instance.) For AFS, ask accounts or afsreq to get +`KERBEROS:yourname/root@ATHENA.MIT.EDU`. For AFS, ask accounts or afsreq to get you a 'pts id', basically an account with the AFS servers, and then you can give bits to yourname.root and start blanching your root instance onto AFS groups. @@ -113,7 +111,7 @@ be sure to ask for a pts id, if you want to use your tickets with AFS. You should change your root instance’s password with a command like this, to upgrade your key from critically weak DES encryption algorithm to strong AES encryption: - kadmin -p andersk/root -q 'cpw -e aes256-cts:normal -e aes128-cts:normal -e des3-cbc-sha1:normal andersk/root' + kadmin -p andersk/root -q 'cpw -e aes256-cts:normal -e aes128-cts:normal andersk/root' (Note: This might make your password incompatible with a [handful of services](http://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place.) You can confirm the change with @@ -122,3 +120,5 @@ You should change your root instance’s password with a command like this, to u which should list a line like Key: vno 4, aes256-cts-hmac-sha1-96, no salt + +If you change your password again, you will need to specify your desired enctypes with the -e option; otherwise, they will be reset to the defaults.