[OpenAFS] Re: asetkey: failed to set key, code 70354694
Jeff Blaine
jblaine@kickflop.net
Fri, 07 Jan 2011 21:21:29 -0500
>> And here is all of our servers showing matching keys (key 17
>> is the one ktadd made which we then asetkey'd):
>
> Yes, but that's the key for the krb5 setup. The kaserver setup will have
> a different service key and kvno (unless you did something special to
> synchronize them).
>
> Did you perhaps the key that kaserver was using from the KeyFile to make
> room for the new krb5 key? 'kas examine' can tell you the kvno for the
> afs service key in the kadb. If it's not in the KeyFile on your servers,
> well, there you go.
afs service key in kadb = 9, doesn't exist in KeyFile
So that explains it, yes. I deleted kvno 9 from the KeyFile
in order to make room for 17.
I'm embarassed to say that I'm not sure how to approach
rectifying the situation now.
> Obfuscated cksum, right?
Some, yes :)