[OpenAFS] Strange token issues
Russ Allbery
rra@stanford.edu
Mon, 29 Apr 2013 13:22:45 -0700
Shane Warner <shane.warner@gmail.com> writes:
> We are having some strange issues with tokens on our openafs 1.6.2
> environment.
> There are 3 scenarios that randomly appear on our clients running apache
> with mod_waklog:
> 1) Tokens become invalid and an rxkad error=19270408 appears in dmesg. This
> is the least prevalent issue, and has only happened a couple of times.
> 2) Permission denied errors are seen intermittently while accessing files.
> Some file accesses are successful, some fail. No errors in logs on this one.
> 3) There is no intermittent behavior, just a solid permission denied even
> though it would appear that a token has been obtained. Restarting the
> openafs-client/httpd resolves it for about a minute before the permission
> denied brick wall comes back. No errors in logs on this one.
> Only rebooting the entire system resolves the issues for all of the above
> situations. Situations 2 and 3 are by far the most common and occur every
> 3-7 days on clients.
I assume this is Linux. Have you increased:
/proc/sys/kernel/keys/maxkeys
/proc/sys/kernel/keys/root_maxkeys
on your systems? mod_waklog can generate a lot of PAGs, which means that
you can run out of kernel keyrings, and that will prevent credentials from
being stored.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>