[OpenAFS] Re: asetkey: failed to set key, code 70354694

Jeff Blaine jblaine@kickflop.net
Fri, 07 Jan 2011 21:21:29 -0500


>> And here is all of our servers showing matching keys (key 17
>> is the one ktadd made which we then asetkey'd):
>
> Yes, but that's the key for the krb5 setup. The kaserver setup will have
> a different service key and kvno (unless you did something special to
> synchronize them).
>
> Did you perhaps the key that kaserver was using from the KeyFile to make
> room for the new krb5 key? 'kas examine' can tell you the kvno for the
> afs service key in the kadb. If it's not in the KeyFile on your servers,
> well, there you go.

afs service key in kadb = 9, doesn't exist in KeyFile

So that explains it, yes.  I deleted kvno 9 from the KeyFile
in order to make room for 17.

I'm embarassed to say that I'm not sure how to approach
rectifying the situation now.

> Obfuscated cksum, right?

Some, yes :)