[OpenAFS] client unable to access afs-cell after update to 1.4.1

Derek Atkins warlord@MIT.EDU
Wed, 31 May 2006 20:55:38 -0400


The 1.4.x aklog should first try afs/cell@REALM and if that
fails it should fallback and try afs@REALM.  Right now
you're running with two different keys, so that's part of
your problem.

-derek

Ulrich Eck <ueck@net-labs.de> writes:

> hi there,
>
> we have a small AFS-Cell using MIT-KRB5+524d on several debian/linux
> machines.
>
> after upgrading one of the openafs-clients (debian) to v1.4.1 + new
> kernel-modules
> we're not able to access the afs-cell from this system.
>
> there seems to be a difference between v1.3.81 (used on our
> fileservers/other clients) and 
> the new v1.4.1 in respect to what service-ticket aklog requests.
>
> on a working machine it requests a service-ticket for afs@OUR.DOMAIN
> with the new
> version it requests afs/cellname@OUR.DOMAIN. i tried to create a
> principal afs/cellname@OUR.DOMAIN in our kdc - but i didn't have success
> as the kvno of the newly created principal does not match the
> server-config.
>
> i get this error-message in the syslog of the client: 
> kernel: afs: Tokens for user of AFS id XXX for cell cellname are
> discarded (rxkad error=19270408)
>
> ~$ translate_et 19270408
> 19270408 (rxk).8 = ticket contained unknown key version number
>
> so my question(s):
>
> is it possible to tell aklog to behave like it did before the upgrade
> (ergo request the afs@OUR.DOMAIN ticket) ?
>
> if not: can i tell the afs-cell to accept more than one service-ticket
> (afs@OUR.DOMAIN and afs/cellname@OUR.DOMAIN) and if yes - how would i do
> so ?
>
> thanks in advance for any suggestions/help
>
> cheers Ulrich
>
>
> -- 
> net-labs Systemhaus GmbH
> Ebersberger Str. 46
> 85570 Markt Schwaben
> fon +49 8121 4747 0
> fax +49 8121 4747 77
> email: ueck@net-labs.de
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available