[OpenAFS] Re: asetkey: failed to set key, code 70354694

Jeff Blaine jblaine@kickflop.net
Fri, 07 Jan 2011 14:38:19 -0500


I lied, again!  It's BACK.

All file + DB servers report the exact same data for
'bos listkeys'

All DB servers have been 'bos restart <server> -all'

Various clients upon login throw the

     afs: Tokens for user of AFS id 26560 for cell rcf.our.org
     are discarded (rxkad error=19270408)

error for various users.  Some hosts work, some don't.

Some that don't are 1.4.11 just like the servers.  This
is the communication after entering a password via
SSH + pam_krb5 + pam_afs_session on a Solaris 10 SPARC
box running 1.4.11:

client1.our.org -> afsdb2.our.org UDP D=7004 S=32965 LEN=84
afsdb2.our.org -> client1.our.org UDP D=32965 S=7004 LEN=180
client1.our.org -> afsdb2.our.org UDP D=7004 S=32965 LEN=73
client1.our.org -> afsdb1.our.org UDP D=7004 S=32966 LEN=84
afsdb1.our.org -> client1.our.org UDP D=32966 S=7004 LEN=180
client1.our.org -> afsdb1.our.org UDP D=7004 S=32966 LEN=73
client1.our.org -> afsdb2.our.org UDP D=7004 S=32966 LEN=156
afsdb2.our.org -> client1.our.org UDP D=32966 S=7004 LEN=140
client1.our.org -> afsdb2.our.org UDP D=7004 S=32966 LEN=73
client1.our.org -> afsdb2.our.org UDP D=7002 S=32966 LEN=300
afsdb2.our.org -> client1.our.org UDP D=32966 S=7002 LEN=44
client1.our.org -> afsdb2.our.org UDP D=7002 S=32966 LEN=73
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=52
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=52
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=132
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=74
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=40
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=52
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=40
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=476
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=73
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=156
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=73

FWIW, none of thosts above are the so-called previously
problematic box, which we have actually halted for now
to see if it affects anything.

Can't make any sense of this.

On 1/7/2011 12:15 PM, Jeff Blaine wrote:
> This was solved by getting the responsible person to
> finally upgrade this box to Solaris 10 and OpenAFS
> 1.4.11 via upclientbin.
>
> On 1/6/2011 10:30 AM, Jeff Blaine wrote:
>> It's talking to a Solaris 9 OpenAFS 1.4.6 server (the only
>> one like that in our cell). Solaris 10 and OpenAFS 1.4.11
>> on all other servers.
>>
>> I rebooted it though after the KeyFile update due to it
>> seeming a little out of whack (AFS DB server only).
>>
>> On 1/6/2011 9:46 AM, Derrick Brashear wrote:
>>> Same AFS version everywhere? Some older version had a bug and would
>>> hang when rereading KeyFile, but it shouldn't cause this.
>>> Use tcpdump and figure out which server is returning that error, or,
>>> install a 1.5.78 client and see which server it logs the error about?
>>>
>>> On Thu, Jan 6, 2011 at 8:50 AM, Jeff Blaine<jblaine@kickflop.net> wrote:
>>>> Hmm, not so fast I guess. *Some* hosts are still doing
>>>> this, others are fine (???).
>>>>
>>>> All /usr/afs/etc/KeyFile files checksum the same on our
>>>> servers.
>>>>
>>>> rcf-smtp% ssh vegas
>>>> Password:
>>>> Last login: Thu Jan 6 08:04:52 2011 from rcf-smtp.our.
>>>> afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded
>>>> (rxkad error=19270408)
>>>> %
>>>> % translate_et 19270408
>>>> 19270408 (rxk).8 = ticket contained unknown key version number
>>>> % kinit
>>>> Password for jblaine@RCF.OUR.ORG:
>>>> % aklog
>>>> % logout
>>>>
>>>> rcf-smtp% ssh vegas
>>>> Password:
>>>> Last login: Thu Jan 6 08:28:51 2011 from rcf-smtp.our.
>>>> afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded
>>>> (rxkad error=19270408)
>>>> %
>>>>
>>>>
>>>> On 1/5/2011 8:37 PM, Jeff Blaine wrote:
>>>>>
>>>>> Thanks all -- that did it.
>>>>>
>>>>> On 1/5/2011 5:47 PM, Andrew Deason wrote:
>>>>>>
>>>>>> On Wed, 05 Jan 2011 17:36:57 -0500
>>>>>> Jeff Blaine<jblaine@kickflop.net> wrote:
>>>>>>
>>>>>>> etc-upserver-host# asetkey add 17 /etc/krb5.keytab afs
>>>>>>> asetkey: failed to set key, code 70354694.
>>>>>>> etc-upserver-host#
>>>>>>
>>>>>> $ translate_et 70354694
>>>>>> 70354694 (acfg).6 = no more entries
>>>>>>
>>>>>> aka AFSCONF_FULL. You can only have 8 keys at once iirc; how many
>>>>>> do you
>>>>>> have in there?
>>>>>>
>>>>> _______________________________________________
>>>>> OpenAFS-info mailing list
>>>>> OpenAFS-info@openafs.org
>>>>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>>>>
>>>> _______________________________________________
>>>> OpenAFS-info mailing list
>>>> OpenAFS-info@openafs.org
>>>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>>>
>>>
>>>
>>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>