And here is all of our servers showing matching keys (key 17
is the one ktadd made which we then asetkey'd):
Yes, but that's the key for the krb5 setup. The kaserver setup will have
a different service key and kvno (unless you did something special to
synchronize them).
Did you perhaps the key that kaserver was using from the KeyFile to make
room for the new krb5 key? 'kas examine' can tell you the kvno for the
afs service key in the kadb. If it's not in the KeyFile on your servers,
well, there you go.
afs service key in kadb = 9, doesn't exist in KeyFile
So that explains it, yes. I deleted kvno 9 from the KeyFile
in order to make room for 17.
I'm embarassed to say that I'm not sure how to approach
rectifying the situation now.
Obfuscated cksum, right?
Some, yes :)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
