[OpenAFS] bos -localauth not working

Stephen Joyce stephen@physics.unc.edu
Thu, 15 Apr 2010 15:37:02 -0400 (EDT)


I just added a new key to the KeyFile on my db and file servers. This key 
is for my campus's central krb5 realm.

Everything seems to be functioning normally regarding tickets and tokens. I 
can kinit and aklog using tickets from the foreign krb5 realm and 
manipulate files and folders in my cell.

However, when I tried to use the -localauth flag to bos to restart server 
processes, it no longer works. It does work if I have tokens rather than 
using -localauth.

Everything else appears to be working fine, but I'd like to recover the 
ability to use -localauth if at all possible. Errors I get:

(no tokens, but I am root):
# bos restart fs5 -all -localauth
bos: failed to restart srevers (ticket contained unknown key version number)

# kinit user/admin
(valid password entered)
# aklog
# bos restart fs5 -all
(success)

I've double-checked the new kvno is as expected, and have no problems on 
the clients. So far the only symptom is bos.

What could I have missed?

Servers are OpenAFS 1.4.5 on Linux (yes, I know it's old. Upgrades are 
planned, but not *right now*).

Cheers, Stephen