[OpenAFS] Users lose tokens, rxkad error=19270408

Lewis, Dave LEWIS@NKI.RFMH.ORG
Mon, 7 Nov 2011 21:09:20 -0500


Hi,

Sometimes users lose tokens when they use start a graphical application
in GNOME or KDE. It's most common with a graphical file manager like
Nautilus.=20

When they lose tokens, /var/log/messages has an entry saying their
tokens are discarded, and it gives rxkad error=3D19270408. Sometimes
"tokens" reports that they still have tokens, although the permissions
are gone.

We're using CentOS 5.6, kernel 2.6.18-238.12.1.el5, OpenAFS 1.4.14, MIT
Kerberos V.


For example, in a directory in which I have AFS write permission:

$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 112) tokens for afs@cabi.rfmh.org [Expires Nov  8 20:18]
   --End of list--

$ touch this
[I can touch a file named "this"]

$ date
Mon Nov  7 20:19:30 EST 2011


[Now I open the Nautilus file browser]


$ date
Mon Nov  7 20:19:44 EST 2011

$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 112) tokens for afs@cabi.rfmh.org [Expires Nov  8 20:18]
   --End of list--
[According to "tokens" I still have AFS tokens, but...]

$ touch this
touch: setting times of `this': Permission denied
[I can't touch "this"]

$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 112) tokens for afs@cabi.rfmh.org [Expires Nov  8 20:18]
   --End of list--

$ klog
Password:

$ tokens

Tokens held by the Cache Manager:

User's (AFS ID 112) tokens for afs@cabi.rfmh.org [Expires Nov  8 20:20]
   --End of list--

$ touch this
$
[Now I can touch "this"]


This entry in /var/log/messages appeared when I opened Nautilus:

Nov  7 20:19:35 lister kernel: afs: Tokens for user of AFS id 112 for
cell cabi.rfmh.org are discarded (rxkad error=3D19270408)


I have no idea what's going on. Can someone help?

Thanks,
Dave


Conserve Resources. Print only when necessary.

IMPORTANT NOTICE: This e-mail is meant only for the use of the intended r=
ecipient. It may contain confidential information which is legally privil=
egedor otherwise protected by law. If you received this e-mail in error o=
r from someone who is not authorized to send it to you, you are strictly =
prohibited from reviewing, using, disseminating, distributing or copying =
the e-mail. PLEASE NOTIFY US IMMEDIATELY OF THE ERROR BY RETURN E-MAIL AN=
D DELETE THIS MESSAGE FROM YOUR SYSTEM. Thank you for your cooperation.