19270408 == unknown key version number. Its quite simple. The key version number being obtained by the client does not match any key that was installed to the AFS KeyFile.
If you are trying to use the client tokens to authenticate to 'bosserver' that is of course going to fail. Use -localauth in order to list the keys and use kvno [email protected] to list the key version number from the KDC. >From you logs here it shows that you have both "[email protected]" and "afs/[email protected]" service principals. There is no good reason to have both but if you are going to have both they have to have different key version numbers and both keys must be in the AFS KeyFile. Jeffrey Altman Ted Creedon wrote: > I spoke too soon.. there's something amiss with my tokens and it uses > 100% of my cpu cycles > > Help! > > Apr 20 21:42:55 geronimo kernel: Found 32-bit system call table at > 0xffffffff80407460 (pattern scan) > Apr 20 21:42:58 geronimo kernel: Starting AFS cache scan...found 4141 > non-empty cache files (8%). > Apr 20 21:43:05 geronimo krb5kdc[4567]: AS_REQ (12 etypes {18 17 16 23 1 > 3 2 11 10 15 12 13}) 10.1.1.185: ISSUE: authtime 1240288985, etypes > {rep=16 tkt=1 ses=16}, [email protected] <mailto:[email protected]> for > krbtgt/CREEDON.BIZ <http://CREEDON.BIZ>@CREEDON.BIZ <http://CREEDON.BIZ> > Apr 20 21:43:10 geronimo syslog-ng[2290]: last message repeated 2 times > Apr 20 21:43:10 geronimo krb5kdc[4567]: TGS_REQ (1 etypes {1}) > 10.1.1.185: ISSUE: authtime 1240288985, etypes {rep=16 tkt=1 ses=1}, > [email protected] <mailto:[email protected]> for afs/creedon.biz > <http://creedon.biz>@CREEDON.BIZ <http://CREEDON.BIZ> > Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 2 times > Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for > cell creedon.biz <http://creedon.biz>: rxkad error=19270408 > Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 538 times > Apr 20 21:43:31 geronimo kernel: rxkad error=19270408 > Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for > cell creedon.biz <http://creedon.biz>: rxkad error=19270408 > Apr > > > > On Mon, Apr 20, 2009 at 8:12 PM, Ted Creedon <[email protected] > <mailto:[email protected]>> wrote: > > This has been discussed to death before but the keys seem to be the > same... > > I have no clue about what's going on. Can anyone help? > > thanks > > tedc > > klist -k /etc/krb5.keytab -t -K > Keytab name: FILE:/etc/krb5.keytab > KVNO Timestamp Principal > ---- ----------------- > -------------------------------------------------------- > 8 04/20/09 19:49:50 [email protected] <mailto:[email protected]> > (0xbaf225e9c7aeeab9) > ========================== > geronimo:~ # asetkey list > kvno 8: key is: baf225e9c7aeeab9 > All done. > > ========================== > > Tokens held by the Cache Manager: > > User's (AFS ID 1) tokens for [email protected] > <mailto:[email protected]> [Expires Apr 21 19:53] > --End of list- > > =========================== > bos listkeys $S > bos: ticket contained unknown key version number error encountered > while listing keys > >
smime.p7s
Description: S/MIME Cryptographic Signature
