[OpenAFS] That infamous, magnificent bastard, error 19270408.

Christopher D. Clausen cclausen@acm.org
Sat, 9 Sep 2006 17:09:24 -0500


Bill Stivers <stiversb@ucsc.edu> wrote:
> I get k5 tickets..  I get AFS tokens.. but on login, I get:
> afs: Tokens for user of AFS id XXXX for cell cats.ucsc.edu are
> discarded (rxkad error=19270408).

cclausen@KBS-CDC C:\>translate_et 19270408
19270408 = ticket contained unknown key version number

Do you have multiple afs service principals?
Is there a afs@REALM and a afs/cell@REALM ?

> Our AFS server administrator has checked the keys across the AFS
> servers and on the K5 principal information on the KDC- but the
> problem still persists.  I've looked at the code.. and my suspicion
> is that if the keys were different amongst AFS servers and/or between
> AFS and Kerberos servers, then -no- clients would work- not just the
> "macOS and/or Solaris 9" situation I'm getting now.

Not always true.  Certain clients may only be using a ceertain service 
principal.

> I have this feeling that I'm either missing something colossally
> stupidly obvious, or maybe my aklog binary is broken.  I've tried
> both transarc's aklog, and a krb5 migration kit aklog.. and they both
> result in the same error.  Any thoughts?  Or am I just not googling
> deeply enough to find my answer?

Can you check the KDC logs and verify which afs principal is being used 
by aklog?  (should show up in klist -ef output as well after running 
aklog.)

<<CDC