[OpenAFS] That infamous, magnificent bastard, error 19270408.
Christopher D. Clausen
cclausen@acm.org
Sat, 9 Sep 2006 17:09:24 -0500
Bill Stivers <stiversb@ucsc.edu> wrote:
> I get k5 tickets.. I get AFS tokens.. but on login, I get:
> afs: Tokens for user of AFS id XXXX for cell cats.ucsc.edu are
> discarded (rxkad error=19270408).
cclausen@KBS-CDC C:\>translate_et 19270408
19270408 = ticket contained unknown key version number
Do you have multiple afs service principals?
Is there a afs@REALM and a afs/cell@REALM ?
> Our AFS server administrator has checked the keys across the AFS
> servers and on the K5 principal information on the KDC- but the
> problem still persists. I've looked at the code.. and my suspicion
> is that if the keys were different amongst AFS servers and/or between
> AFS and Kerberos servers, then -no- clients would work- not just the
> "macOS and/or Solaris 9" situation I'm getting now.
Not always true. Certain clients may only be using a ceertain service
principal.
> I have this feeling that I'm either missing something colossally
> stupidly obvious, or maybe my aklog binary is broken. I've tried
> both transarc's aklog, and a krb5 migration kit aklog.. and they both
> result in the same error. Any thoughts? Or am I just not googling
> deeply enough to find my answer?
Can you check the KDC logs and verify which afs principal is being used
by aklog? (should show up in klist -ef output as well after running
aklog.)
<<CDC