[OpenAFS-devel] Improve error message when bos cannot find the /usr/afs/etc/KeyFile

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 01 Sep 2005 20:58:13 -0400


On Friday, September 02, 2005 02:27:34 AM +0200 Martin MOKREJŠ
<mmokrejs@ribosome.natur.cuni.cz> wrote:

> Please improve the messages so that user knows what actually has failed.
>
># rm /usr/afs/etc/KeyFile
># /usr/afs/bin/bos listkeys -server phylo -localauth

Well, "-localauth" tells bos that it should open the KeyFile, read a key
out of it, and use it to print a ticket with which to talk to the
bosserver.

> bos: could not find entry (getting key from local KeyFile)

This means it was unable to find an entry in the KeyFile to use for that
purpose.  In this case, the reason happens to be because you have no
KeyFile, but 'bos' doesn't know that -- all it knows is it called a library
routine to fetch a key, and the routine said "there is no such key".


> bos: running unauthenticated

This is bos telling you what it's going to do instead - it will try the
operation you asked for, but without authentication.

Next comes the list of keys it retrieved from the bosserver -- all zero of
them, since you have no KeyFile.  Normally this is a privileged operation,
but for some reason (probably because you had no KeyFile), the bosserver is
operating in noauth mode, and will allow anyone to perform any operation.

> All done.

And finally, this line marks the end of the list of keys.


># cp /usr/vice/etc/KeyFile /usr/afs/etc/KeyFile
># /usr/afs/bin/bos listkeys -server phylo -localauth
> bos: ticket contained unknown key version number error encountered while
> listing keys

Now here, you've copied a KeyFile into place, and run bos again.  Now bos
finds the KeyFile and loads an entry, but since you changed the KeyFile
behind the bosserver's back, _it_ doesn't know about the new key, which it
reports with the error code for "ticket contained unknown key version
number".


So, the problem here is that you changed the KeyFile behind the bosserver's
back, instead of using the supported interface for that (bos addkey) or
restarting the bosserver after you made the change.  I'm sorry, but we
don't have an error message for that.  Once you tell us how 'bos' is
supposed to figure that out and distinguish it from similar problems like
"your local KeyFile doesn't match the one the server is using", "you
deleted the key you were using", and "the kvno's in the KeyFile and KDB
don't match", let us know, and maybe we'll add an error.  In the meantime,
well, sometimes when you encounter an error you have to do some
troubleshooting.


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA