[OpenAFS] Help migrating to ubuntu from Solaris

John Tang Boyland boyland@uwm.edu
Thu, 07 Nov 2013 15:49:50 -0600 

Dear OpenAFS community,
    After many years of using Solaris machines, we are transitioning to Linux.
I have used SC Linux and Debian, and now we are using Ubuntu.
Always before, I copied the contents of /usr/afs/etc
to the new machine and started the bosserver and went on from there,
but this time things did not go well.  It seems the server starts up
unauthenticated and refuses to let me set the level to authenticated.
Even starting "/usr/sbin/bosserver &" manually still starts up
unauthenticated.

$ rxdebug localhost -port 7001 -version
Trying 127.0.0.1 (port 7001):
AFS version:  OpenAFS 1.6.5.1-1~ppa1~saucy1-debian built  2013-10-29 
[As seen here the client is running]

/etc/openafs/server$ ls -l
total 24
-rw-r--r-- 1 root daemon  99 Apr  6  2006 CellServDB
-rw------- 1 root daemon 100 Aug  5  2005 KeyFile
-rw-r--r-- 1 root root    22 Nov  7 15:09 krb.conf
-rw-r--r-- 1 root daemon   9 Nov 17  1998 License
-rw-r--r-- 1 root daemon  10 Apr  6  2006 ThisCell
-rw------- 1 root root    45 Nov  7 15:14 UserList

$ bos status localhost
bos: failed to contact host's bosserver (ticket contained unknown key version number).
[I have successfully gotten admin tokens (kinit+aklog), but
these are apparently useless.]

$ bos status localhost -localauth
bos: running unauthenticated
[localauth works fine, as does -noauth]

/var/log/openafs$ more Bos*
Thu Nov  7 14:54:35 2013: Core limits now -1 -1
Thu Nov  7 14:54:35 2013: Server directory access is okay
Thu Nov  7 14:54:35 2013: Listening on 0.0.0.0:7007
[Is this a problem? 0.0.0.0 ??]

$ bos setauth localhost on -noauth
bos: running unauthenticated
bos: you are not authorized for this operation (failed to set authentication flag)
[Say what?  It's unauthenticated but I'm not authorized?]

Any help would be appreciated.
I thought I knew OpenAFS, but something strange is happening.
Did I put the KeyFile in the wrong directory?
I used /etc/openafs/server as seen above.

BTW: we are still using the old insecure KeyFile.
Our Solaris machine cannot be upgraded to 1.6.5
which is why we are transitioning, but I'd like 
to get the new server working before trying to rekey.

Best regards,
John