On Thursday 07 December 2006 10:03, Marcus Watts wrote: > Gunnar Krull <[EMAIL PROTECTED]> and others wrote: > ... > > > > > I think that's the reason why my token gets discarded when trying to > > > > access a protected folder of our afs filespace: > > > > afs: Tokens for user of AFS id 1032 for cell ****** are discarded > > > > (rxkad error=19270410) > > > > > > 19270410 is RXKADSEALEDINCON, which effectively means that either you > > > or the fileserver is not encrypting data correctly. Usually it means > > > that one of you is using the wrong key, but in this case, there is a > > > known problem on some 64-bit platforms, which should be fixed in the > > > next release. > > > > The encryption and keys on the server side are correct. I've checked this > > to be sure that the problem is the client. Sparc64 in combination with > > Linux/Debian is the only effected architecture here. > > > > So, I'm waiting impatiently for the fixed release ... > > This sounds like it might be the same problem that Steve Roseman > <[EMAIL PROTECTED]> ran into on powerpc. In his case, his cache manager > was using wrong-endian encryption right at the point of setting up an > encrypted rx connection with a fileserver, so wasn't in fact capable of > doing authenticated file access. The definitive proof would be to use > tcpdump & knowledge of the keys used to prove this is what happening, > but you probably won't need to do that. > > I would be *very* interested in knowing two things: > > /1/ do pts and other userland commands work while using authenticated > access with a token immediately before you access afs filespace and lose > that token? > ( since your error report contains your vice id, this > seems likely to be true. )
Yes, that works. I can e.g. create and remove user groups with pts. Creating/removing volumes per vos command also works. Interestingly: after my token got discarded I can still execute commands that need authentication (pts, vos, ...) !? > > /2/ does this build fix produces a working cache manager for you? > > > The "simple" kludge is to just append the line "#define WORDS_BIGENDIAN > > 1" at the end of src/config/afsconfig.h after configuring afs, then at > > the top do ( cd src/libafs; make clean ) > > -- if you have old kernel objects in your build tree > > make only_libafs > > -- build just the cache manager > > You can then copy the cache manager pieces to your already existing > > system. Of course you can also build the whole thing. > > Just remember that if you type configure or config.status you'll > > have to patch afsconfig.h again. > > If these are both true, then that's good, that means I may actually > have an interesting patch that will help you as well as others shortly. > Also, you'll have a working cache manager, and won't need to be quite > so impatient. :-) Yes, that's it! Now I can open files and directories in "authentication only" area of our afs filespace and the token resides in my system. I will test it more in the next days but it should be ok now. Thanks for the hint! Gunnar _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
