Hi, I'm trying to follow the "afs/cell transition procedure" as outlined in
http://www.openafs.org/pages/security/how-to-rekey.txt and I was able to generate a new disabled afs/cell principal with strong encryption, extract it to the rxkad.keytab file and distribute it to our file servers, and do the restarts. After this I've noticed the following message repeated in the FileLog for our servers: VL_RegisterAddrs rpc failed; will retry periodically (code=19270407, err=0) When I went to enable the new afs/cell principal and disable the old one, I was able to log in to a server and get an afs/cell service ticket, tokens, and access my afs volume. I could also do the same for my afs "admin" principal, but when I went to perform a "vos release" operation, I got an error about Could not lock the VLDB entry for the volume XXXXXXXX. rxk: security object was passed a bad ticket Error in vos release command. rxk: security object was passed a bad ticket >From one of our db servers I was able to do the release operation via -localauth. I then disabled the new afs/cell principal and enabled the old one, destroyed my tickets/tokens, re-authenticated, and was then able to perform the vos release. This leads me to believe that our servers are still using the old principal. Do I need to restart the afs fileserver processes after enabling the new afs/cell principal? Best, k- -- : Kendrick Hernandez : UNIX Systems Administrator : UNIX Systems and Infrastructure : Division of Information Technology : University of Maryland, Baltimore County
