[OpenAFS] asetkey error 512.

Larry W. Cashdollar lwc@vapid.ath.cx
Thu, 13 Feb 2003 10:36:22 -0500 (EST) 

All,
	Here is the simple answer to asetkey error 512.*

* I am downloading the afs source now.

Thanks Nathan.

---------- Forwarded message ----------
Date: 13 Feb 2003 09:17:53 -0600
From: Nathan Neulinger <nneul@umr.edu>
To: Larry W. Cashdollar <lwc@vapid.ath.cx>
Subject: Re: Aklog and win2k kdc.

/afs/umr.edu/software/krb5src/umr-krb5.diff

That's the old one, I haven't updated it to current krb5-current sources
yet cause I haven't figured out what the recent changes to krb524d will
impact. You'll need to pick out the pieces that apply to krb524
directory.

The umr.diff is the current patch against krb5-current, minus any of the
krb524 changes.

-- Nathan

On Thu, 2003-02-13 at 09:10, Larry W. Cashdollar wrote:
> This worked.  I would happily accept the patch, I have patching/C
> programming skills so I'd like to have a whack at patching a newer source
> tree.
>
>
> On 12 Feb 2003, Nathan Neulinger wrote:
>
> > Wait, never mind, Error is AFSCONF_KEYINUSE.
> >
> > Try deleting your existing KeyFile, or remove the key from the keyfile
> > that has the same kvno as the key you are trying to load. It's
> > complaining that the kvno you are inserting is already in use in the
> > keyfile.
> >
> > -- Nathan
> >
> > On Wed, 2003-02-12 at 21:40, Nathan Neulinger wrote:
> > > Well, to be perfectly honest, I don't bother with asetkey any more.
> > >
> > > It's a lot simpler to just build your krb524d with a small patch that
> > > allows you to keep the afs key/krb4 keytab separate from the krb5
> > > keytab. So what you wind up with is:
> > >
> > > krb5/ads  ---K5 service key-->  krb524d  ---K4 AFS Token--> AFS
> > >
> > > I have the patch against an older krb5-current source tree, but I
> > > haven't got it updated yet for a more current code set. It's a
> > > relatively simple patch, but probably needs hand applied regardless.
> > >
> > > To actually solve your problem below though, the only things I can think
> > > of - try @LAB.INTERNAL instead.
> > >
> > > The error is coming from afsconf_AddKey, the only place in the afs
> > > source that I can see that it would cause a problem is if setkey can't
> > > write to /usr/afs/etc/KeyFile. (May be at a different path if you're
> > > using a build not compiled with --enable-transarc-paths.)
> > >
> > > If this helps, please fwd this to openafs@openafs.org so it'll be
> > > archived.
> > >
> > > -- Nathan