[OpenAFS] Rekey AFS - aklog not working

Andreas Hirczy ahi@itp.tugraz.at
Tue, 07 Sep 2021 16:30:41 +0200


Hi!

I recently tried to rekey our AFS - at last - following the ´basic
procedure´ from https://www.openafs.org/pages/security/how-to-rekey.txt
and https://www.openafs.org/pages/security/install-rxkad-k5-1.6.txt.  My
setup runs OpenAFS 1.8.5 and MIT Kerberos 1.17-3 on Debian.

Afterwards, obtaining tokens with aklog failed with error code 19270408
(ticket contained unknown key version number):

| $ aklog
| afs: Tokens for user of AFS id 997 for cell itp.tugraz.at: rxkad error=19270408 (server 129.27.161.138)
| afs: Tokens for user of AFS id 997 for cell itp.tugraz.at: rxkad error=19270408 (server 129.27.161.139)
| afs: Tokens for user of AFS id 997 for cell itp.tugraz.at are discarded (rxkad error=19270408,server 129.27.161.95)

I'm not sure whether I should run "akeyconvert" after copying the
Kerberos keytab to the servers?  In my opinion we should have a file
/etc/openafs/server/KeyFileExt, but it's not mentioned in the
docs.

Best regards,
Andreas
-- 
Andreas Hirczy <ahi@itp.tugraz.at>                  https://itp.tugraz.at/~ahi/
Graz University of Technology                       phone: +43/316/873-   8190
Institute of Theoretical and Computational Physics    fax: +43/316/873-10 8190
Petersgasse 16, A-8010 Graz                        mobile: +43/664/859 23 57