[OpenAFS-devel] "Lost contact with file server" problems
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 07 Sep 2005 18:24:25 -0400
On Wednesday, September 07, 2005 10:38:23 -0400 Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
> Harald Barth wrote:
>
>>> This error is not RXKADEXPIRED but RXKADUNKNOWNKEY which is set by the
>>> server when the ticket received from the client was encrypted using a
>>> key whose kvno is unknown to the server.
>>
>>
>> Funny thing is that
>>
>> * new kinit and afslog did not help
>> * after restarting openafs, I _was_ able to communicate
>> with the server again. With the same ticket as before
>> (just did an "afslog").
What does "restarting openafs" mean? Did you restart the client system or
the fileserver?
> It would be interesting to know what kvno the client thought its
> tokens had. It would also be useful to see the capture of the
> exchange with the service for this connection to see what the
> client was sending.
>
> Did you try unlogging and contacting the server again before
> you performed the kinit and afslog?
>
> You are using Kerberos 5 based tickets. Therefore, the kvno
> should have been a fixed magic value.
Yeah, but the server will still return RXKADUNKNOWNKEY if the real kvno in
the krb5 ticket isn't one for which it can look up a key.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA