[OpenAFS] Problems adding a new server encryption key.

Renata Maria Dart Renata Maria Dart <renata@SLAC.Stanford.EDU>
Tue, 16 Sep 2003 15:40:30 -0700 (PDT)

Thanks for your quick response Derrick...I will try it again under


>Date: Tue, 16 Sep 2003 14:05:00 -0400 (EDT)
>From: Derrick J Brashear <shadow@dementia.org>
>Subject: Re: [OpenAFS] Problems adding a new server encryption key.
>X-X-Sender: shadow@johnstown.andrew.cmu.edu
>To: openafs-info@openafs.org
>MIME-version: 1.0
>Content-transfer-encoding: 7BIT
>Delivered-to: openafs-info@openafs.org
>X-Spam-Score: -2 () 
>X-Scanned-By: MIMEDefang 2.36
>X-BeenThere: openafs-info@openafs.org
>X-Mailman-Version: 2.0.4
>List-Post: <mailto:openafs-info@openafs.org>
>List-Subscribe: <https://lists.openafs.org/mailman/listinfo/openafs-info>, 
>List-Unsubscribe: <https://lists.openafs.org/mailman/listinfo/openafs-info>, 
>List-Archive: <https://lists.openafs.org/pipermail/openafs-info/>
>List-Help: <mailto:openafs-info-request@openafs.org?subject=help>
>List-Id: OpenAFS Info/Discussion <openafs-info.openafs.org>
>I'll pick one place to reply, and punt the other. No code to be developed.
>On Tue, 16 Sep 2003, Renata Maria Dart wrote:
>> Lost contact with file server 134.79.17.xx in cell slac.stanford.edu (all
>>  multi-homed ip addresses down for the server)
>>     began appearing in our SYSLOG output.  I watched as each of our
>>     fileservers in turn stopped serving files, as each one got the new copy
>>     of the KeyFile.
>> My questions are:
>> 1.  Is the Transarc procedure for updating server keys supposed to
>>     work under OpenAFS?  Or is a restart of the db and fileservers
>>     now needed after a new key is added to the KeyFile?   After the
>>     incident described above we went through the archives and found
>>     mail from Derrick Brashear in response to Frederick Gilbert:
>>     http://www.mail-archive.com/openafs-info@openafs.org/msg07515.html
>>     in which a "stuck fileserver" situation is described, but in that
>>     case it was after the bos addkey AND kas setpasswd had both been
>>     done.  In our case, I never got to the kas setpasswd step.
>kas setpasswd not relevant. The bos addkey was, it triggered a bug I added
>while fixing another bug. I know it's fixed in 1.2.10. Frederic Gilbert at
>some point said something about still having  problem after, but I'm not
>sure what it is.
>However, the fix to this issue was a patch to src/auth (probably
>src/auth/cellconfig.c) which went in recently, probably 1.2.10.
>> 3.  If we now need to restart the servers after a bos addkey, can you
>>     tell us why?
>As above, bug. An error caused an exit without dropping a mutex.
>> 4.  Could the KeyFile have been corrupted and still present a normal
>It wasn't corrupted.
>OpenAFS-info mailing list

 Renata Dart                         | renata@SLAC.Stanford.edu  
 Stanford Linear Accelerator Center  |    
 2575 Sand Hill Road, MS 97          | (650) 926-2848 (office)
 Stanford, California   94025        | (650) 926-3329 (fax)