[OpenAFS] bos -localauth not working
Stephen Joyce
stephen@physics.unc.edu
Thu, 15 Apr 2010 15:37:02 -0400 (EDT)
I just added a new key to the KeyFile on my db and file servers. This key
is for my campus's central krb5 realm.
Everything seems to be functioning normally regarding tickets and tokens. I
can kinit and aklog using tickets from the foreign krb5 realm and
manipulate files and folders in my cell.
However when I tried to use the -localauth flag to bos to restart server
processes, it no longer works. It does work if I have tokens rather than
using -localauth.
Everything else appears to be working fine, but I'd like to recover the
ability to use -localauth if at all possible. Errors I get:
(no tokens, but I am root):
# bos restart fs5 -all -localauth
bos: failed to restart srevers (ticket contained unknown key version number)
# kinit user/admin
(valid password entered)
# aklog
# bos restart fs5 -all
(success)
I've double-checked the new kvno is as expected, and have no problems on
the clients. So far the only symptom is bos.
What could I have missed?
Servers are OpenAFS 1.4.5 on Linux (yes, I know it's old. Upgrades are
planned, but not *right now*).
Cheers, Stephen