[OpenAFS] rxkad error=19270408

Jeffrey Altman jaltman@secure-endpoints.com
Tue, 21 Apr 2009 07:52:26 -0400 

This is a cryptographically signed message in MIME format.

--------------ms080601090203000808010107
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

19270408 == unknown key version number.

Its quite simple.  The key version number being obtained by the
client does not match any key that was installed to the AFS KeyFile.

If you are trying to use the client tokens to authenticate to
'bosserver' that is of course going to fail.  Use -localauth
 in order to list the keys and use

  kvno afs@CREEDON.BIZ

to list the key version number from the KDC.

>From you logs here it shows that you have both "afs@CREEDON.BIZ" and
"afs/creedon.biz@CREEDON.BIZ" service principals.  There is no good
reason to have both but if you are going to have both they have to
have different key version numbers and both keys must be in the
AFS KeyFile.

Jeffrey Altman


Ted Creedon wrote:
> I spoke too soon.. there's something amiss with my tokens and it uses
> 100% of my cpu cycles
> 
> Help!
> 
> Apr 20 21:42:55 geronimo kernel: Found 32-bit system call table at
> 0xffffffff80407460 (pattern scan)
> Apr 20 21:42:58 geronimo kernel: Starting AFS cache scan...found 4141
> non-empty cache files (8%).
> Apr 20 21:43:05 geronimo krb5kdc[4567]: AS_REQ (12 etypes {18 17 16 23 1
> 3 2 11 10 15 12 13}) 10.1.1.185: ISSUE: authtime 1240288985, etypes
> {rep=16 tkt=1 ses=16}, admin@CREEDON.BIZ <mailto:admin@CREEDON.BIZ> for
> krbtgt/CREEDON.BIZ <http://CREEDON.BIZ>@CREEDON.BIZ <http://CREEDON.BIZ>
> Apr 20 21:43:10 geronimo syslog-ng[2290]: last message repeated 2 times
> Apr 20 21:43:10 geronimo krb5kdc[4567]: TGS_REQ (1 etypes {1})
> 10.1.1.185: ISSUE: authtime 1240288985, etypes {rep=16 tkt=1 ses=1},
> admin@CREEDON.BIZ <mailto:admin@CREEDON.BIZ> for afs/creedon.biz
> <http://creedon.biz>@CREEDON.BIZ <http://CREEDON.BIZ>
> Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 2 times
> Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for
> cell creedon.biz <http://creedon.biz>: rxkad error=19270408
> Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 538 times
> Apr 20 21:43:31 geronimo kernel:  rxkad error=19270408
> Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for
> cell creedon.biz <http://creedon.biz>: rxkad error=19270408
> Apr
> 
> 
> 
> On Mon, Apr 20, 2009 at 8:12 PM, Ted Creedon <tcreedon@easystreet.net
> <mailto:tcreedon@easystreet.net>> wrote:
> 
>     This has been discussed to death before but the keys seem to be the
>     same...
> 
>     I have no clue about what's going on. Can anyone help?
> 
>     thanks
> 
>     tedc
> 
>     klist -k /etc/krb5.keytab -t -K
>     Keytab name: FILE:/etc/krb5.keytab
>     KVNO Timestamp         Principal
>     ---- -----------------
>     --------------------------------------------------------
>        8 04/20/09 19:49:50 afs@CREEDON.BIZ <mailto:afs@CREEDON.BIZ>
>     (0xbaf225e9c7aeeab9)
>     ==========================
>     geronimo:~ # asetkey list
>     kvno    8: key is: baf225e9c7aeeab9
>     All done.
> 
>     ==========================
> 
>     Tokens held by the Cache Manager:
> 
>     User's (AFS ID 1) tokens for afs@creedon.biz
>     <mailto:afs@creedon.biz> [Expires Apr 21 19:53]
>        --End of list-
> 
>     ===========================
>     bos listkeys $S
>     bos: ticket contained unknown key version number error encountered
>     while listing keys
> 
> 

--------------ms080601090203000808010107
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCC
AxcwggKAoAMCAQICEDsE+kRcmomW1hYG6BoqhGEwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDUzMDE5MTUyOVoX
DTA5MDUzMDE5MTUyOVowczEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVy
aWMxHDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCtf5bVJdYFtHIrV2XALpA5oaMu7FPYU7RP7vJhd8Cu9Kd9ud2crX2pHK4avuPaYb4Vg9qI
zPrPadePhJ3OWwNt1ZlUlpc5URnOfpg/I9iymZBUSnCFVLuIvoncacqyUlzqdYEF8XGEoEL6
6bj8uoCSX0D7ZjZiAS8993NvgiPYpf10acMyWQ4max+P7Wg9T03Nw2F6EsmP6gWxBRsekTXe
N6QjJdvaK0846lDqeBFoCEzIUMQXj2kiXVPCPEdxPc/L1sDMYf0GLaDIg8qyThpGd0X6DwfK
3RWcMy8DV7Q5Z+jSEdPn5X0l4anOTrjr3IwE57MC3bVs0EEpUODTzftnAgMBAAGjOTA3MCcG
A1UdEQQgMB6BHGphbHRtYW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQUFAAOBgQA9kndmeLrdQOUbhNGGms/FnfDyraH4OjA4PIIMOCbGWK0YXczs
/Fqn4XkT70SG4s8v4Zg6TaAcJrZBVcZQXyzrhlF2Zev/g69zZMHQe+2r4i/3FBVKAtFCoea1
vgwJ5TfZYlKvt4D0Z4zexu9Y0VwCIR4plWjVD76zC2CGB/2fhjCCAxcwggKAoAMCAQICEDsE
+kRcmomW1hYG6BoqhGEwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoT
HFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25h
bCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDUzMDE5MTUyOVoXDTA5MDUzMDE5MTUyOVow
czEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMxHDAaBgNVBAMTE0pl
ZmZyZXkgRXJpYyBBbHRtYW4xKzApBgkqhkiG9w0BCQEWHGphbHRtYW5Ac2VjdXJlLWVuZHBv
aW50cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtf5bVJdYFtHIrV2XA
LpA5oaMu7FPYU7RP7vJhd8Cu9Kd9ud2crX2pHK4avuPaYb4Vg9qIzPrPadePhJ3OWwNt1ZlU
lpc5URnOfpg/I9iymZBUSnCFVLuIvoncacqyUlzqdYEF8XGEoEL66bj8uoCSX0D7ZjZiAS89
93NvgiPYpf10acMyWQ4max+P7Wg9T03Nw2F6EsmP6gWxBRsekTXeN6QjJdvaK0846lDqeBFo
CEzIUMQXj2kiXVPCPEdxPc/L1sDMYf0GLaDIg8qyThpGd0X6DwfK3RWcMy8DV7Q5Z+jSEdPn
5X0l4anOTrjr3IwE57MC3bVs0EEpUODTzftnAgMBAAGjOTA3MCcGA1UdEQQgMB6BHGphbHRt
YW5Ac2VjdXJlLWVuZHBvaW50cy5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOB
gQA9kndmeLrdQOUbhNGGms/FnfDyraH4OjA4PIIMOCbGWK0YXczs/Fqn4XkT70SG4s8v4Zg6
TaAcJrZBVcZQXyzrhlF2Zev/g69zZMHQe+2r4i/3FBVKAtFCoea1vgwJ5TfZYlKvt4D0Z4ze
xu9Y0VwCIR4plWjVD76zC2CGB/2fhjCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw
gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w
MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU
aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg
RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr
hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8
MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls
Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh
YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/
TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc
OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggNkMIID
YAIBATB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQ
OwT6RFyaiZbWFgboGiqEYTAJBgUrDgMCGgUAoIIBwzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcN
AQcBMBwGCSqGSIb3DQEJBTEPFw0wOTA0MjExMTUyMjZaMCMGCSqGSIb3DQEJBDEWBBReRf1f
FLZ/wMc2amArFu6dwGcBajBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3
DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBhQYJKwYB
BAGCNxAEMXgwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcg
KFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vpbmcg
Q0ECEDsE+kRcmomW1hYG6BoqhGEwgYcGCyqGSIb3DQEJEAILMXigdjBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhh
d3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEDsE+kRcmomW1hYG6BoqhGEwDQYJ
KoZIhvcNAQEBBQAEggEAKA6YCb0vqFVfv4hn//yOEa0syOzKh3ZVjKiv+tL8C92H1yg+Sb4L
w/mxVgp+yJrCB9bFUhd45caOZv9gLZtjbgw5JlADs2Q4vBTH5KoNOJMNrOEWswfMW/SEDD+W
TGSNjtlq7MUT6m/LuImBVoiKS/NjiWrPFOiMidP9hbCTZ5NhU4uKHb0YyzUcf6ihFBtC7pTV
4RO8GuEj6WkD8CSc9rXl3ayz9qbXpL+wBD+b9/8Rd+aWEgyxNSnGJ7H8ZMjEFqDMMaPsZzlX
GlJjhBJO2Rce/yj3VnmNOcXpb1jcqaResTakXUzb4E4I0KQuo/GBNM/5S8iq3JEfahdXD22N
bwAAAAAAAA==
--------------ms080601090203000808010107--