[OpenAFS] Re: krb5 trust, rxkad error=19270408... I'm missing something

Andrew Deason adeason@sinenomine.net
Fri, 5 Mar 2010 13:34:00 -0600

On Fri, 5 Mar 2010 13:14:19 -0600
Stephen Joyce <stephen@physics.unc.edu> wrote:

> I don't see any afsconf_GetKey entry in the filelog. I even bumped
> debugging up to 125 and restarted the fileserver without seeing any
> lines containing that text.

Keeping this on the list (this is a useful datapoint).

You shouldn't need to increase debugging at all; this message should
always appear.

There's only two instances that I believe you can get the 'unknown key
version' error; just having the wrong kvno produces the message above.
I think the only other way to produce that error code is if the
encryption type is not des-cbc-crc, des-cbc-md4, nor des-cbc-md5.

Since you're not seeing that message, my guess is either that you're
getting that error from a different fileserver than you think you are
(do you have more than one? did you check all of them?), or the enc type
is wrong.

As Jeff noted, the only way to get more information out of it at this
point is attaching a debugger to the fileserver process. You want to
look at function tkt_DecodeTicket5, and look at t5.enc_part.etype at
around the switch statement in there to see what the enc type is.

Andrew Deason