X-Git-Url: https://sipb.mit.edu:444/gitweb.cgi/wiki.git/blobdiff_plain/0e7449def35d02f4c6a4131beacb38c7587d975e..edc63b61ed3059ef66806ec58238d33ed2b9c30d:/doc/root-instance.mdwn diff --git a/doc/root-instance.mdwn b/doc/root-instance.mdwn index 09d65ac..bb09ffe 100644 --- a/doc/root-instance.mdwn +++ b/doc/root-instance.mdwn @@ -60,16 +60,16 @@ time but your root instance tickets occasionally, a couple of people have developed shell scripts to make it easy to switch between them. * nelhage has the [krbroot - command](http://web.mit.edu/nelhage/Public/krbroot), with which you + command](https://web.mit.edu/nelhage/Public/krbroot), with which you use syntax like "krbroot ssh linerva" when you want to use your root instance for a command. You can also "krbroot shell". adehnert [extended it](https://www.dehnerts.com/gitweb/?p=user/alex/software/my-snippets.git;a=blob;f=krbroot;hb=HEAD) to add a `krbroot screen` subcommand, use `ATHENA_USER`, and support arbitrary principals. - * quentin and broder wrote [kdo](http://web.mit.edu/snippets/kerberos/kdo), + * quentin and broder wrote [kdo](https://web.mit.edu/snippets/kerberos/kdo), which is similar in spirit to krbroot, but designed for Mac OS X. It takes advantage of the fact that OS X's Kerberos implementation is better at handling multiple tickets. - * geofft has [kpagsh](http://web.mit.edu/geofft/Public/bashrc.kpagsh), + * geofft has [kpagsh](https://web.mit.edu/geofft/Public/bashrc.kpagsh), a way of configuring your .bashrc to prompt you for tickets (null instance by default) if you start a shell and don't have tickets. If you want to switch tickets, you start a new shell, and @@ -97,8 +97,8 @@ extra instance's password instead. ## Getting them You need to show up in person to [IS&T User -Accounts](http://ist.mit.edu/support/accounts) in -[E17](http://whereis.mit.edu/?go=E17) during business hours with a +Accounts](https://ist.mit.edu/support/accounts) in +[E17](https://whereis.mit.edu/?go=E17) during business hours with a photo ID to obtain new Kerberos identities. For the reasons described above, being in control of your null instance and sending a zephyr or authenticated e-mail with it does not mean that you can go ahead and @@ -109,9 +109,9 @@ be sure to ask for a pts id, if you want to use your tickets with AFS. You should change your root instance’s password with a command like this, to upgrade your key from critically weak DES encryption algorithm to strong AES encryption: - kadmin -p andersk/root -q 'cpw -e aes256-cts:normal -e aes128-cts:normal andersk/root' + kadmin -p andersk/root -q 'cpw -e aes256-cts:normal,aes128-cts:normal andersk/root' -(Note: This previously made your password incompatible with a [handful of services](http://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place, but these services have now been fixed.) You can confirm the change with +(Note: This previously made your password incompatible with a [handful of services](https://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place, but these services have now been fixed.) You can confirm the change with kadmin -p andersk/root -q 'getprinc andersk/root'