[OpenAFS] That infamous, magnificent bastard, error 19270408.
Bill Stivers
stiversb@ucsc.edu
Sat, 9 Sep 2006 13:14:36 -0700
Gentle, kind sirs:
I've searched the archives pretty hard, but I'm still getting stymied
by your friend and mine, rxkad error 19270408. Our windows clients
are working perfectly, and our Solaris -8- configuration is working
perfectly with its internal k5/k4 bits but our Solaris 9
configuration against strict Krb5 isn't. It's a pretty standard
build of client 1.4.1 against Solaris 9, using Sun's compilers- a
rather old revision. If more specifics might be useful, I'll
cheerily provide them.
I get k5 tickets.. I get AFS tokens.. but on login, I get:
afs: Tokens for user of AFS id XXXX for cell cats.ucsc.edu are
discarded (rxkad error=19270408).
If I unlog and kdestroy, then either chain of kinit, then aklog or
kinit then krb524init then aklog.. I get tickets, and what -look-
like valid tokens, but the afs error above creeps up on running aklog.
Our AFS server administrator has checked the keys across the AFS
servers and on the K5 principal information on the KDC- but the
problem still persists. I've looked at the code.. and my suspicion
is that if the keys were different amongst AFS servers and/or between
AFS and Kerberos servers, then -no- clients would work- not just the
"macOS and/or Solaris 9" situation I'm getting now.
I have this feeling that I'm either missing something colossally
stupidly obvious, or maybe my aklog binary is broken. I've tried
both transarc's aklog, and a krb5 migration kit aklog.. and they both
result in the same error. Any thoughts? Or am I just not googling
deeply enough to find my answer?
---
Bill Stivers
IC Unix Lab and Systems Administrator
University of California at Santa Cruz
stiversb@ucsc.edu
v) 831-459-2472
f) 831-459-2914