Hello,
I'm having trouble setting up openafs on debian bookworm.
I've imported kerberos keys into openafs via `akeyconvert -all`:
sudo asetkey list
rxkad_krb5 kvno 4 enctype 17; key is:
????????????????????????????????
rxkad_krb5 kvno 4 enctype 18; key is:
????????????????????????????????????????????????????????????????
All done.
I'm now try to use the bos command line, but this fails:
$ sudo bos listkeys -server asus.erjoalgo.com
bos: unable to build security class (configuring connection security)
I have tried building `bos` from source to better understand the context of
the error message. I've only narrowed it down to:
function afsconf_ClientAuthToken in auth/authcon.c
code = ktc_GetTokenEx(info->name, &tokenSet);
function ktc_GetTokenEx in auth/ktc.c:
code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
This returns a non-zero code, causing the command line to fail.
What could be the reason that the PIOCTL command is failing? Is there any
way to get more information?
I've tried rebuilding the kernel module as suggested here
<https://unix.stackexchange.com/questions/404247/openafs-suddenly-fails-a-pioctl-failed-while-obtaining-tokens>
:
sudo dpkg-reconfigure openafs-modules-dkms
And restarting the openafs-client service, but this does not change
anything.
I only noticed some bening-looking warnings in dmesg:
[ 20.377862] systemd-fstab-generator[637]: Checking was requested for
"/var/cache/openafs.img", but it is not a device.
[ 20.676946] systemd[1]:
/lib/systemd/system/openafs-client.service:22: Unit uses KillMode=none.
This is unsafe, as it disables systemd's process lifecycle management for
the service. Please update the service to use a safer KillMode=, such as
'mixed' or 'control-group'. Support for KillMode=none is deprecated and
will eventually be removed.
[ 49.217272] openafs: loading out-of-tree module taints kernel.
[ 49.217278] openafs: module license '
http://www.openafs.org/dl/license10.html' taints kernel.
[ 49.217987] openafs: module verification failed: signature and/or
required key missing - tainting kernel
I don't see anything interesting in the openafs-client service logs or in
syslog:
$ sudo journalctl -feu openafs-client
May 28 09:03:43 asus systemd[1]: Starting openafs-client.service -
OpenAFS client...
May 28 09:03:50 asus afsd[1823]: afsd: All AFS daemons started.
May 28 09:03:50 asus afsd[1787]: afsd: All AFS daemons started.
May 28 09:03:50 asus systemd[1]: Started openafs-client.service -
OpenAFS client.
May 28 09:03:52 asus fs[1827]: Usage: /usr/bin/fs sysname [-newsys <new
sysname>+] [-help]
May 28 21:11:53 asus systemd[1]: Stopping openafs-client.service -
OpenAFS client...
May 28 21:11:54 asus systemd[1]: openafs-client.service: Deactivated
successfully.
May 28 21:11:54 asus systemd[1]: Stopped openafs-client.service -
OpenAFS client.
May 28 21:11:54 asus systemd[1]: openafs-client.service: Consumed
2.957s CPU time.
May 28 21:11:54 asus systemd[1]: Starting openafs-client.service -
OpenAFS client...
May 28 21:11:56 asus afsd[275229]: afsd: All AFS daemons started.
May 28 21:11:56 asus afsd[275250]: afsd: All AFS daemons started.
May 28 21:11:56 asus fs[275253]: Usage: /usr/bin/fs sysname [-newsys
<new sysname>+] [-help]
May 28 21:11:56 asus systemd[1]: Started openafs-client.service -
OpenAFS client.
How can I further debug this bos error?
openafs 1.8.9-1-debian
$ sudo lsmod | grep openafs
openafs 2863104 2
$
Ernesto
