[OpenAFS] Strange token issues

Russ Allbery rra@stanford.edu
Mon, 29 Apr 2013 13:22:45 -0700

Shane Warner <shane.warner@gmail.com> writes:

> We are having some strange issues with tokens on our openafs 1.6.2
> environment.

> There are 3 scenarios that randomly appear on our clients running apache
> with mod_waklog:
> 1) Tokens become invalid and an rxkad error=19270408 appears in dmesg. This
> is the least prevalent issue, and has only happened a couple of times.
> 2) Permission denied errors are seen intermittently while accessing files.
> Some file accesses are successful, some fail. No errors in logs on this one.
> 3) There is no intermittent behavior, just a solid permission denied even
> though it would appear that a token has been obtained. Restarting the
> openafs-client/httpd resolves it for about a minute before the permission
> denied brick wall comes back. No errors in logs on this one.

> Only rebooting the entire system resolves the issues for all of the above
> situations. Situations 2 and 3 are by far the most common and occur every
> 3-7 days on clients.

I assume this is Linux.  Have you increased:


on your systems?  mod_waklog can generate a lot of PAGs, which means that
you can run out of kernel keyrings, and that will prevent credentials from
being stored.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>