[OpenAFS] AFS-K5 transition problem - 'unknown key version number'
tbird57
tbird57@subdimension.com
Wed, 21 Aug 2002 10:59:43 -0500
Hi,
I've encountered a problem on the AFS cell I've built under RH Linux
7.1 server (Kernel 2.4.2). I'm running openAFS 1.2.2, and Kerberos 5
(version 1.2.2-12), and the problems started after I tried to get AFS
to use K5 (Ken Hornstein's migration kit - afs-krb5-1.3). I built the
kit, and I'm running 'fakeka' as an instance under the bosserver. I
created a K5 key for afs, in a temporary keytab, and loaded it into the
AFS KeyFile using 'asetkey', per instructions in the kit:
>
> [root@montana: /root]# kadmin.local
> Authenticating as principal afsadmin/admin@SENSE.NET with password.
> kadmin.local: ktadd -e des-cbc-crc:v4 -k /var/tmp/krb5.keytab afs
> Entry for principal afs with kvno 16, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/tmp/krb5.keytab.
> kadmin.local: quit
> [root@montana /root]# klist -k /var/tmp/krb5.keytab
> Keytab name: FILE:/var/tmp/krb5.keytab
> KVNO Principal
> ---- -----------------------------------------------------------------------
> 16 afs@SENSE.NET
> [root@montana /root]# asetkey add 16 /var/tmp/krb5.keytab afs
> [root@montana /root]# asetkey list
> kvno 11: key is: 98ad20fd6754896b
> kvno 16: key is: 941f98ada1b64fc8
> All done.
I restarted the bosserver (actually, I had rebooted the system, and
everything came up fine, AFS and Kerberos servers).
So far so good. Now, I can 'klog' into the administrative account, and
I get a token cached for AFS (I verified the correct AFS ID):
> [root@montana /root]# klog afsadmin
> Password:
> [root@montana /root]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: afsadmin@SENSE.NET
>
> Valid starting     Expires            Service principal
> 08/20/02 21:45:12  08/21/02 07:45:12  krbtgt/SENSE.NET@SENSE.NET
> 08/20/02 21:45:18  08/21/02 07:45:12  afs@SENSE.NET
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [root@montana /root]# tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 2) tokens for afs@sense.net [Expires Aug 21 19:33]
> --End of list--
>
But, something is awry with the ticket being passed:
> [root@montana /root]# vos listvol montana
> Could not fetch the list of partitions from the server
> rxk: ticket contained unknown key version number
> Error in vos listvol command.
> rxk: ticket contained unknown key version number
and:
> [root@montana include]# pts listentries
> Name ID Owner Creator
> pts: ticket contained unknown key version number ; unable to list entries
What am I missing? I was guessing that the key encryption type was
an issue, which is why I specified 'ktadd' with '-e'. I've seen
other postings regarding what appears to be the same problem.
Any clues (and an explanation) are much appreciated...
Cheers,
-Tom