[OpenAFS] Re: Troubles changing keys

[Derrick J Brashear]

I still haven't had time to deal with getting the new version of dbx I
need to look at the core, but I have little doubt that there's a deadlock
caused when the afsconf package is called again when the change is
noticed. That's not definite but it's likely.

 On Fri, 21 Mar 2003, Frederic Gilbert wrote:

> Hi,
>
> We have troubles here when changing the AFS encryption keys.
>
> For those who remember, I already mailed on Feb. 2 about fileserver
> processes sometimes becoming stuck in thread semaphor/signaling routines
> on our Solaris servers (Sol. 2.6, OpenAFS 1.2.7).
>
> We found out that the same symptoms happen systematically when we change
> the AFS encryption keys on our servers -- no kerberos here (yet), and of
> course we change it on all servers with "bos addkey", then change the
> afs account password with "kas setpassword", all being done in less than
> 2 minutes.
>
> Then all of our 5 Solaris servers, 3 DB and 2 FS, show the "stuck
> fileserver" problem in a matter of minutes, and we have to do a "bos
> restart fs" on them.
>
> The "stuck fileserver" problem is to be explored by Derrick Brashear
> with a core we provided, but I wanted to know if anybody encountered
> problems while changing keys, which should be an innocuous operation. By
> the way, how frequently do people here change their keys?
>
> Thanks,
> Frederic Gilbert.
>
>