[OpenAFS-devel] des-cbc-md5 versus des-cbc-crc (Was: "afsd: ASSERT: cacheFiles 1000 diskblocks -26")

Martin MOKREJŠ mmokrejs@ribosome.natur.cuni.cz
Fri, 02 Sep 2005 01:51:09 +0200


Martin MOKREJŠ wrote:
> I'm testing current cvs head against linux-2.6.13 kernel on smp Xeon based machine.
> Additionally, I have applied the patch from Troy to improve the cache statistics.
> Anyway, I have killed bosserver processes to reboot (I'm installing new cell and
> the KeyFile is somehow not picked up again: "ptserver: can't find any Kerberos keys, code = 70354689, ignoring").

Well, I found this for my own sidenote:
afs: Tokens for user of AFS id 0 for cell phylo.natur.cuni.cz are discarded (rxkad error=19270408)
So just for the archives I'll post an answer to this note. The bug is in heimdals "ktutil copy"
adding md5 version of the key to KeyFile:

phylo ~ # grep 19270408 /usr/afsws/i386_linux26/include/rx/*
/usr/afsws/i386_linux26/include/rx/rxkad.h:#define RXKADUNKNOWNKEY                          (19270408L)
phylo ~ # /usr/heimdal/sbin/ktutil -k AFSKEYFILE:/usr/vice/etc/KeyFile list
AFSKEYFILE:/usr/vice/etc/KeyFile:

Vno  Type         Principal
  1  des-cbc-md5  afs/phylo.natur.cuni.cz@PHYLO.NATUR.CUNI.CZ
phylo ~ # 

So, that's the second bug found today in ktutil. Others, beware so that ktutil required
you to have des-cbc-md5 in krb5.keytab for this step until Love fixed that today:

/usr/heimdal/sbin/ktutil copy /etc/krb5.keytab AFSKEYFILE:/usr/vice/etc/KeyFile

(which everyone has to pass while establishing a new cell). ;)