[OpenAFS] Debian AFS Install Problem

Ted Anderson ota@transarc.com
Mon, 18 Mar 2002 11:49:31 -0500 (EST)


On 16 Mar 2002 20:08:32 -0500 eichin-oa@boxedpenguin.com wrote:
> As for the rxkad error, you can run the number though translate_et
> (which I don't have built here, but it looks like it was one of the
> ones in the test case:)
> 19270407 (rxk).7 = security object was passed a bad ticket

In my experience, this often indicates a key version number skew.  So
perhaps the file server 'ent' has a keyfile that doesn't match the keys
the Kerberos server has.

On Fri, 15 Mar 2002 12:47:19 +0100 fbo3@gmx.net wrote:
> ent # bos listusers ent
> bos: failed to retrieve super-user list (security object was passed a bad ticket)
>
> ?? Why do I have to use -localauth ??
>
> ent # bos listusers ent -localauth
> SUsers are: root

When you specify -localauth the bos command ignores your tokens, and
uses its root access to fabricate a key using the local keyfile.  Since
you are talking to the local machine this is sure to avoid any key
version number problems.  But you need to fix this skew problem.

> fs sa /afs system:anyuser rl
> fs: You don't have the required access rights on '/afs'
> Failed: 256
> ent # tail -n 1 /var/log/syslog
> Mar 15 12:32:42 enterprise kernel: afs: Tokens for user of AFS id 1 for cell alpha are discarded (rxkad error=19270407)
>
> ?? Does anyone know what the problem could be ??

This is likely the same version number skew as above.

Ted Anderson