[OpenAFS] client unable to access afs-cell after update to 1.4.1

Ulrich Eck ueck@net-labs.de
Mon, 29 May 2006 18:53:47 +0200

hi there,

we have a small AFS-Cell using MIT-KRB5+524d on several debian/linux

after upgrading one of the openafs-clients (debian) to v1.4.1 + new
we're not able to access the afs-cell from this system.

there seems to be a difference between v1.3.81 (used on our
fileservers/other clients) and 
the new v1.4.1 in respect to what service-ticket aklog requests.

on a working machine it requests a service-ticket for afs@OUR.DOMAIN
with the new
version it requests afs/cellname@OUR.DOMAIN. i tried to create a
principal afs/cellname@OUR.DOMAIN in our kdc - but i didn't have success
as the kvno of the newly created principal does not match the

i get this error-message in the syslog of the client: 
kernel: afs: Tokens for user of AFS id XXX for cell cellname are
discarded (rxkad error=19270408)

~$ translate_et 19270408
19270408 (rxk).8 = ticket contained unknown key version number

so my question(s):

is it possible to tell aklog to behave like it did before the upgrade
(ergo request the afs@OUR.DOMAIN ticket) ?

if not: can i tell the afs-cell to accept more than one service-ticket
(afs@OUR.DOMAIN and afs/cellname@OUR.DOMAIN) and if yes - how would i do
so ?

thanks in advance for any suggestions/help

cheers Ulrich

net-labs Systemhaus GmbH
Ebersberger Str. 46
85570 Markt Schwaben
fon +49 8121 4747 0
fax +49 8121 4747 77
email: ueck@net-labs.de