[OpenAFS] That infamous, magnificent bastard, error 19270408.

Bill Stivers stiversb@ucsc.edu
Sat, 9 Sep 2006 13:14:36 -0700

Gentle, kind sirs:

I've searched the archives pretty hard, but I'm still getting stymied  
by your friend and mine, rxkad error 19270408.  Our windows clients  
are working perfectly, and our Solaris -8- configuration is working  
perfectly with its internal k5/k4 bits but our Solaris 9  
configuration against strict Krb5 isn't.  It's a pretty standard  
build of client 1.4.1 against Solaris 9, using Sun's compilers- a  
rather old revision.  If more specifics might be useful, I'll  
cheerily provide them.

I get k5 tickets..  I get AFS tokens.. but on login, I get:
afs: Tokens for user of AFS id XXXX for cell cats.ucsc.edu are  
discarded (rxkad error=19270408).

If I unlog and kdestroy, then either chain of  kinit, then aklog or  
kinit then krb524init then aklog.. I get tickets, and what -look-  
like valid tokens, but the afs error above creeps up on running aklog.

Our AFS server administrator has checked the keys across the AFS  
servers and on the K5 principal information on the KDC- but the  
problem still persists.  I've looked at the code.. and my suspicion  
is that if the keys were different amongst AFS servers and/or between  
AFS and Kerberos servers, then -no- clients would work- not just the  
"macOS and/or Solaris 9" situation I'm getting now.

I have this feeling that I'm either missing something colossally  
stupidly obvious, or maybe my aklog binary is broken.  I've tried  
both transarc's aklog, and a krb5 migration kit aklog.. and they both  
result in the same error.  Any thoughts?  Or am I just not googling  
deeply enough to find my answer?

Bill Stivers
IC Unix Lab and Systems Administrator
University of California at Santa Cruz
v) 831-459-2472
f) 831-459-2914