Re: [OpenAFS] RHEL6 openafs, krb5-workstation /usr/bin/kpasswd packaging conflict
On 6 Jan 2011, at 20:21, Russ Allbery r...@stanford.edu wrote: My recommendation would be to move kpasswd (and kas) into a separate package that conflicts with krb5-workstation. That's the approach I'll take when I get round to building the OpenAFS RPMs on RHEL6. If anyone would like to submit a patch, the spec file is in git. S.___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] BPW 2011 Papers?
Has it been determined yet to whom our presentation proposals for BPW 2011 (UNC, I believe) should be sent? Thanks! Evan Macbeth Sine Nomine Associates
Re: [OpenAFS] BPW 2011 Papers?
The CFP web form will take care of it, as it has in previous years. The CFP will be issued within the next week. On Fri, Jan 7, 2011 at 11:47 AM, Evan Macbeth emacb...@sinenomine.net wrote: Has it been determined yet to whom our presentation proposals for BPW 2011 (UNC, I believe) should be sent? Thanks! Evan Macbeth Sine Nomine Associates -- Derrick ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
This was solved by getting the responsible person to finally upgrade this box to Solaris 10 and OpenAFS 1.4.11 via upclientbin. On 1/6/2011 10:30 AM, Jeff Blaine wrote: It's talking to a Solaris 9 OpenAFS 1.4.6 server (the only one like that in our cell). Solaris 10 and OpenAFS 1.4.11 on all other servers. I rebooted it though after the KeyFile update due to it seeming a little out of whack (AFS DB server only). On 1/6/2011 9:46 AM, Derrick Brashear wrote: Same AFS version everywhere? Some older version had a bug and would hang when rereading KeyFile, but it shouldn't cause this. Use tcpdump and figure out which server is returning that error, or, install a 1.5.78 client and see which server it logs the error about? On Thu, Jan 6, 2011 at 8:50 AM, Jeff Blainejbla...@kickflop.net wrote: Hmm, not so fast I guess. *Some* hosts are still doing this, others are fine (???). All /usr/afs/etc/KeyFile files checksum the same on our servers. rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:04:52 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % % translate_et 19270408 19270408 (rxk).8 = ticket contained unknown key version number % kinit Password for jbla...@rcf.our.org: % aklog % logout rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:28:51 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % On 1/5/2011 8:37 PM, Jeff Blaine wrote: Thanks all -- that did it. On 1/5/2011 5:47 PM, Andrew Deason wrote: On Wed, 05 Jan 2011 17:36:57 -0500 Jeff Blainejbla...@kickflop.net wrote: etc-upserver-host# asetkey add 17 /etc/krb5.keytab afs asetkey: failed to set key, code 70354694. etc-upserver-host# $ translate_et 70354694 70354694 (acfg).6 = no more entries aka AFSCONF_FULL. You can only have 8 keys at once iirc; how many do you have in there? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
I'm upgrading all my servers: So far with /configure --enable-transarc-paths --enable-namei-fileserver --with-linux-kernel-headers=/usr/src/linux --enable-bitmap-later --enable-supergroups *** server redcloud kernel 2.6.27.7-9 compiles and installs but errors out Starting OpenAFS Server/usr/afs/bin/bosserver: error while loading shared libraries: librokenafs.so.1: cannot open shared object file: No such file or directory startproc: exit status of parent of /usr/afs/bin/bosserver: 127 ** server geronimo kernel 2.6.22.5-31 seems to compile and install but git carps make all usage: git-diff-index [-m] [--cached] [common diff options] tree-ish [path...] and a client error insmod: error inserting './libafs-2.6.22.5-31-default-ted.mp.ko': -1 Unknown symbol in module server ookpik kernel 2.6.27.7-9 seems to compile * run OK but (geronimo contains the RW volumes) Help is appreciated thanks tedc
[OpenAFS] Re: openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
On Fri, 7 Jan 2011 09:51:06 -0800 Ted Creedon tcree...@easystreet.net wrote: Starting OpenAFS Server/usr/afs/bin/bosserver: error while loading shared libraries: librokenafs.so.1: cannot open shared object file: No such file or directory startproc: exit status of parent of /usr/afs/bin/bosserver: 127 The build process gives you some amd64_linux26/dest/lib/librokenafs.* files. You need to copy at least those to /usr/lib or wherever the linker can find them (if not all of dest/lib/). ** server geronimo kernel 2.6.22.5-31 seems to compile and install but git carps make all usage: git-diff-index [-m] [--cached] [common diff options] tree-ish [path...] The 1.6.0pre1 release should probably have a .version (but I'm guessing it doesn't). I guess --quiet is an option only present in some versions of git and we should avoid it. and a client error insmod: error inserting './libafs-2.6.22.5-31-default-ted.mp.ko': -1 Unknown symbol in module Somewhere near the end of 'dmesg' output should tell you what the symbol is. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default On Fri, Jan 7, 2011 at 10:44 AM, Andrew Deason adea...@sinenomine.netwrote: On Fri, 7 Jan 2011 09:51:06 -0800 Ted Creedon tcree...@easystreet.net wrote: Starting OpenAFS Server/usr/afs/bin/bosserver: error while loading shared libraries: librokenafs.so.1: cannot open shared object file: No such file or directory startproc: exit status of parent of /usr/afs/bin/bosserver: 127 The build process gives you some amd64_linux26/dest/lib/librokenafs.* files. You need to copy at least those to /usr/lib or wherever the linker can find them (if not all of dest/lib/). ** server geronimo kernel 2.6.22.5-31 seems to compile and install but git carps make all usage: git-diff-index [-m] [--cached] [common diff options] tree-ish [path...] The 1.6.0pre1 release should probably have a .version (but I'm guessing it doesn't). I guess --quiet is an option only present in some versions of git and we should avoid it. and a client error insmod: error inserting './libafs-2.6.22.5-31-default-ted.mp.ko': -1 Unknown symbol in module Somewhere near the end of 'dmesg' output should tell you what the symbol is. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
I lied, again! It's BACK. All file + DB servers report the exact same data for 'bos listkeys' All DB servers have been 'bos restart server -all' Various clients upon login throw the afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) error for various users. Some hosts work, some don't. Some that don't are 1.4.11 just like the servers. This is the communication after entering a password via SSH + pam_krb5 + pam_afs_session on a Solaris 10 SPARC box running 1.4.11: client1.our.org - afsdb2.our.org UDP D=7004 S=32965 LEN=84 afsdb2.our.org - client1.our.org UDP D=32965 S=7004 LEN=180 client1.our.org - afsdb2.our.org UDP D=7004 S=32965 LEN=73 client1.our.org - afsdb1.our.org UDP D=7004 S=32966 LEN=84 afsdb1.our.org - client1.our.org UDP D=32966 S=7004 LEN=180 client1.our.org - afsdb1.our.org UDP D=7004 S=32966 LEN=73 client1.our.org - afsdb2.our.org UDP D=7004 S=32966 LEN=156 afsdb2.our.org - client1.our.org UDP D=32966 S=7004 LEN=140 client1.our.org - afsdb2.our.org UDP D=7004 S=32966 LEN=73 client1.our.org - afsdb2.our.org UDP D=7002 S=32966 LEN=300 afsdb2.our.org - client1.our.org UDP D=32966 S=7002 LEN=44 client1.our.org - afsdb2.our.org UDP D=7002 S=32966 LEN=73 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=52 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=52 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=132 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=74 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=40 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=52 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=40 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=476 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=73 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=156 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=73 FWIW, none of thosts above are the so-called previously problematic box, which we have actually halted for now to see if it affects anything. Can't make any sense of this. On 1/7/2011 12:15 PM, Jeff Blaine wrote: This was solved by getting the responsible person to finally upgrade this box to Solaris 10 and OpenAFS 1.4.11 via upclientbin. On 1/6/2011 10:30 AM, Jeff Blaine wrote: It's talking to a Solaris 9 OpenAFS 1.4.6 server (the only one like that in our cell). Solaris 10 and OpenAFS 1.4.11 on all other servers. I rebooted it though after the KeyFile update due to it seeming a little out of whack (AFS DB server only). On 1/6/2011 9:46 AM, Derrick Brashear wrote: Same AFS version everywhere? Some older version had a bug and would hang when rereading KeyFile, but it shouldn't cause this. Use tcpdump and figure out which server is returning that error, or, install a 1.5.78 client and see which server it logs the error about? On Thu, Jan 6, 2011 at 8:50 AM, Jeff Blainejbla...@kickflop.net wrote: Hmm, not so fast I guess. *Some* hosts are still doing this, others are fine (???). All /usr/afs/etc/KeyFile files checksum the same on our servers. rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:04:52 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % % translate_et 19270408 19270408 (rxk).8 = ticket contained unknown key version number % kinit Password for jbla...@rcf.our.org: % aklog % logout rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:28:51 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % On 1/5/2011 8:37 PM, Jeff Blaine wrote: Thanks all -- that did it. On 1/5/2011 5:47 PM, Andrew Deason wrote: On Wed, 05 Jan 2011 17:36:57 -0500 Jeff Blainejbla...@kickflop.net wrote: etc-upserver-host# asetkey add 17 /etc/krb5.keytab afs asetkey: failed to set key, code 70354694. etc-upserver-host# $ translate_et 70354694 70354694 (acfg).6 = no more entries aka AFSCONF_FULL. You can only have 8 keys at once iirc; how many do you have in there? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
I should also point out that 'kinit; aklog' works for all users who report problems. How could it be that pam_krb5 (Russ's) and pam_afs_session are broken due to a key change? On 1/7/2011 2:38 PM, Jeff Blaine wrote: I lied, again! It's BACK. All file + DB servers report the exact same data for 'bos listkeys' All DB servers have been 'bos restart server -all' Various clients upon login throw the afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) error for various users. Some hosts work, some don't. Some that don't are 1.4.11 just like the servers. This is the communication after entering a password via SSH + pam_krb5 + pam_afs_session on a Solaris 10 SPARC box running 1.4.11: client1.our.org - afsdb2.our.org UDP D=7004 S=32965 LEN=84 afsdb2.our.org - client1.our.org UDP D=32965 S=7004 LEN=180 client1.our.org - afsdb2.our.org UDP D=7004 S=32965 LEN=73 client1.our.org - afsdb1.our.org UDP D=7004 S=32966 LEN=84 afsdb1.our.org - client1.our.org UDP D=32966 S=7004 LEN=180 client1.our.org - afsdb1.our.org UDP D=7004 S=32966 LEN=73 client1.our.org - afsdb2.our.org UDP D=7004 S=32966 LEN=156 afsdb2.our.org - client1.our.org UDP D=32966 S=7004 LEN=140 client1.our.org - afsdb2.our.org UDP D=7004 S=32966 LEN=73 client1.our.org - afsdb2.our.org UDP D=7002 S=32966 LEN=300 afsdb2.our.org - client1.our.org UDP D=32966 S=7002 LEN=44 client1.our.org - afsdb2.our.org UDP D=7002 S=32966 LEN=73 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=52 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=52 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=132 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=74 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=40 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=52 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=40 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=476 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=73 afsfs1.our.org - client1.our.org UDP D=7001 S=7000 LEN=156 client1.our.org - afsfs1.our.org UDP D=7000 S=7001 LEN=73 FWIW, none of thosts above are the so-called previously problematic box, which we have actually halted for now to see if it affects anything. Can't make any sense of this. On 1/7/2011 12:15 PM, Jeff Blaine wrote: This was solved by getting the responsible person to finally upgrade this box to Solaris 10 and OpenAFS 1.4.11 via upclientbin. On 1/6/2011 10:30 AM, Jeff Blaine wrote: It's talking to a Solaris 9 OpenAFS 1.4.6 server (the only one like that in our cell). Solaris 10 and OpenAFS 1.4.11 on all other servers. I rebooted it though after the KeyFile update due to it seeming a little out of whack (AFS DB server only). On 1/6/2011 9:46 AM, Derrick Brashear wrote: Same AFS version everywhere? Some older version had a bug and would hang when rereading KeyFile, but it shouldn't cause this. Use tcpdump and figure out which server is returning that error, or, install a 1.5.78 client and see which server it logs the error about? On Thu, Jan 6, 2011 at 8:50 AM, Jeff Blainejbla...@kickflop.net wrote: Hmm, not so fast I guess. *Some* hosts are still doing this, others are fine (???). All /usr/afs/etc/KeyFile files checksum the same on our servers. rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:04:52 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % % translate_et 19270408 19270408 (rxk).8 = ticket contained unknown key version number % kinit Password for jbla...@rcf.our.org: % aklog % logout rcf-smtp% ssh vegas Password: Last login: Thu Jan 6 08:28:51 2011 from rcf-smtp.our. afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) % On 1/5/2011 8:37 PM, Jeff Blaine wrote: Thanks all -- that did it. On 1/5/2011 5:47 PM, Andrew Deason wrote: On Wed, 05 Jan 2011 17:36:57 -0500 Jeff Blainejbla...@kickflop.net wrote: etc-upserver-host# asetkey add 17 /etc/krb5.keytab afs asetkey: failed to set key, code 70354694. etc-upserver-host# $ translate_et 70354694 70354694 (acfg).6 = no more entries aka AFSCONF_FULL. You can only have 8 keys at once iirc; how many do you have in there? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org
[OpenAFS] vos unlock vldb errror
vos unlockvldb -server ookpik ffails Unlocked all the VLDB entries for volumes on server ookpik *** glibc detected *** vos: free(): invalid pointer: 0x0068e320 *** === Backtrace: = /lib64/libc.so.6[0x2ae8d5b3021d] /lib64/libc.so.6(cfree+0x76)[0x2ae8d5b31f76] vos[0x40dd0c] vos[0x43e494] vos[0x409781] /lib64/libc.so.6(__libc_start_main+0xf4)[0x2ae8d5adfb54] vos[0x405fd9] === Memory map: 0040-0047f000 r-xp 08:07 20612126 /usr/local/sbin/vos 0067f000-00681000 rw-p 0007f000 08:07 20612126 /usr/local/sbin/vos 00681000-006da000 rw-p 00681000 00:00 0 [heap] 2ae8d5691000-2ae8d56ad000 r-xp 08:07 9830402 /lib64/ld-2.6.1.so 2ae8d56ad000-2ae8d56ae000 rw-p 2ae8d56ad000 00:00 0 2ae8d56d7000-2ae8d580b000 rw-p 2ae8d56d7000 00:00 0 2ae8d58ac000-2ae8d58ae000 rw-p 0001b000 08:07 9830402 /lib64/ld-2.6.1.so 2ae8d58ae000-2ae8d58bf000 r-xp 08:07 9830437 /lib64/libresolv-2.6.1.so 2ae8d58bf000-2ae8d5abe000 ---p 00011000 08:07 9830437 /lib64/libresolv-2.6.1.so 2ae8d5abe000-2ae8d5ac rw-p 0001 08:07 9830437 /lib64/libresolv-2.6.1.so 2ae8d5ac-2ae8d5ac2000 rw-p 2ae8d5ac 00:00 0 2ae8d5ac2000-2ae8d5bfe000 r-xp 08:07 9830409 /lib64/libc-2.6.1.so 2ae8d5bfe000-2ae8d5dfe000 ---p 0013c000 08:07 9830409 /lib64/libc-2.6.1.so 2ae8d5dfe000-2ae8d5e01000 r--p 0013c000 08:07 9830409 /lib64/libc-2.6.1.so 2ae8d5e01000-2ae8d5e03000 rw-p 0013f000 08:07 9830409 /lib64/libc-2.6.1.so 2ae8d5e03000-2ae8d5e0a000 rw-p 2ae8d5e03000 00:00 0 2ae8d5e0a000-2ae8d5e14000 r-xp 08:07 9830426 /lib64/libnss_files-2.6.1.so 2ae8d5e14000-2ae8d6013000 ---p a000 08:07 9830426 /lib64/libnss_files-2.6.1.so 2ae8d6013000-2ae8d6015000 rw-p 9000 08:07 9830426 /lib64/libnss_files-2.6.1.so 2ae8d6015000-2ae8d6022000 r-xp 08:07 9830487 /lib64/libgcc_s.so.1 2ae8d6022000-2ae8d6221000 ---p d000 08:07 9830487 /lib64/libgcc_s.so.1 2ae8d6221000-2ae8d6223000 rw-p c000 08:07 9830487 /lib64/libgcc_s.so.1 2ae8d800-2ae8d8021000 rw-p 2ae8d800 00:00 0 2ae8d8021000-2ae8dc00 ---p 2ae8d8021000 00:00 0 7fffd53cf000-7fffd5419000 rw-p 7fffd53cf000 00:00 0 [stack] ff60-ff601000 r-xp 00:00 0 [vdso] Aborted
[OpenAFS] Re: [OpenAFS-announce] OpenAFS 1.6.0 release candidate 1 available
Derrick J Brashear wrote: The OpenAFS Gatekeepers announce the availability of the first release candidate for OpenAFS version 1.6.0. Source files and available binaries can be accessed via the web at: http://www.openafs.org/release/openafs-1.6.0pre1.html or via AFS at: UNIX: /afs/grand.central.org/software/openafs/candidate/1.6.0pre1/ UNC: \\afs\grand.central.org\software\openafs\candidate\1.6.0pre1\ A large number of bugfixes, a number of new features, and a set of binaries supporting the Demand Attach File Service, are included. Please assist the gatekeepers by deploying this release and providing positive or negative feedback. Bug reports should be filed to openafs-b...@openafs.org . Reports of success should be sent to openafs-info@openafs.org . Derrick Brashear for the OpenAFS Gatekeepers ___ OpenAFS-announce mailing list openafs-annou...@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-announce Should I expect the source rpm to work with Red Hat 6? -- Rich Sudlow University of Notre Dame Center for Research Computing 128 Information Technology Center PO Box 539 Notre Dame, IN 46556-0539 (574) 631-7258 office phone (574) 631-9283 office fax ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: [OpenAFS-announce] OpenAFS 1.6.0 release candidate 1 available
On Fri, Jan 7, 2011 at 4:22 PM, Rich Sudlow r...@nd.edu wrote: Derrick J Brashear wrote: The OpenAFS Gatekeepers announce the availability of the first release candidate for OpenAFS version 1.6.0. Source files and available binaries can be accessed via the web at: http://www.openafs.org/release/openafs-1.6.0pre1.html or via AFS at: UNIX: /afs/grand.central.org/software/openafs/candidate/1.6.0pre1/ UNC: \\afs\grand.central.org\software\openafs\candidate\1.6.0pre1\ A large number of bugfixes, a number of new features, and a set of binaries supporting the Demand Attach File Service, are included. Please assist the gatekeepers by deploying this release and providing positive or negative feedback. Bug reports should be filed to openafs-b...@openafs.org . Reports of success should be sent to openafs-info@openafs.org . Derrick Brashear for the OpenAFS Gatekeepers ___ OpenAFS-announce mailing list openafs-annou...@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-announce Should I expect the source rpm to work with Red Hat 6? Given what I know at the moment some tweaking is going to be needed before it does. -- Derrick ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: asetkey: failed to set key, code 70354694
On Fri, 07 Jan 2011 14:41:11 -0500 Jeff Blaine jbla...@kickflop.net wrote: I should also point out that 'kinit; aklog' works for all users who report problems. How could it be that pam_krb5 (Russ's) and pam_afs_session are broken due to a key change? If you changed the key, and someone has an old afs service key (from before the key change), their access is not going to work. So, do you mean it works when you 'kinit; aklog', but you get an error when you login normally? (as in, using a password) Whether that be via ssh or whatever. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: openafs-stable-1_6_0pre1 installing with various OpenSUSE kernels
On Fri, 7 Jan 2011 11:01:08 -0800 Ted Creedon tcree...@easystreet.net wrote: libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default libafs: Unknown symbol find_exported_dentry libafs: Unknown symbol export_op_default Are you running 'insmod' yourself, or are you starting the client from an init script? You need to 'modprobe exportfs' before loading the OpenAFS kernel module. -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
Hi Andrew, How could it be that pam_krb5 (Russ's) and pam_afs_session are broken due to a key change? Ignore me above there. pam_krb5RA and pam_afs_session are working fine. I was mistaken on that part. Let's stick to plain old klog below as you suggest. If you changed the key, and someone has an old afs service key (from before the key change), their access is not going to work. Understood (finally). See below. So, do you mean it works when you 'kinit; aklog', but you get an error when you login normally? (as in, using a password) Whether that be via ssh or whatever. What I've found is that any authentication to kaserver ends up with a token that gets trashed/discarded. That is, I can run klog, seemingly get tokens fine, and then they are discarded when I run the 'tokens' command. We still offer kaserver auth for about 30 boxes that are in the process of being upgraded to a newer OS rev where we have implemented MIT krb5 auth + tokens. Here's an example: ~:cairo klog Password: ~:cairo pwd /afs/rcf/user/jblaine ~:cairo fs la . afs: Tokens for user of AFS id 26560 for cell rcf.our.org: rxkad error=19270408 afs: Tokens for user of AFS id 26560 for cell rcf.our.org: rxkad error=19270408 afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded (rxkad error=19270408) Access list for . is Normal rights: system:anyuser rl jblaine rlidwka ~:cairo tokens Tokens held by the Cache Manager: User's (AFS ID 26560) tokens for a...@rcf.our.org [Expires Jan 22 05:36] --End of list-- ~:cairo touch file-in-home touch: file-in-home cannot create ~:cairo echo tokens-are-bogus-but-listed tokens-are-bogus-but-listed Authenticating to our MIT krb5 KDC + aklog works fine. ~:cairo kinit Password for jbla...@rcf.our.org: ~:cairo aklog ~:cairo touch file-in-home ~:cairo rm file-in-home ~:cairo And here is all of our servers showing matching keys (key 17 is the one ktadd made which we then asetkey'd): % for i in sonia shiva svetlana ur bunky canaan ephesus babylon; do bos listkeys $i | grep 'key 17'; done key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 key 17 has cksum 1172998608 % And here's another example after a reboot + OpenAFS upgrade on one of the client boxes: # # I have valid krb5 creds + token from those krb5 creds # at first here (from pam_krb5 + pam_afs_session). # ~:one pwd /afs/rcf/user/jblaine ~:one touch bar ~:one rm bar ~:one klog Password: ~:one fs la . # there is a 2-3 second hang here Access list for . is Normal rights: system:anyuser rl jblaine rlidwka ~:one touch bar touch: cannot touch `bar': Permission denied ~:one uptime 20:39:53 up 2:50, 1 user, load average: 0.00, 0.02, 0.00 ~:one strings /usr/vice/etc/afsd | grep OpenAFS @(#) OpenAFS 1.4.12.1 built 2010-09-02 ~:one ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
And here is all of our servers showing matching keys (key 17 is the one ktadd made which we then asetkey'd): Yes, but that's the key for the krb5 setup. The kaserver setup will have a different service key and kvno (unless you did something special to synchronize them). Did you perhaps the key that kaserver was using from the KeyFile to make room for the new krb5 key? 'kas examine' can tell you the kvno for the afs service key in the kadb. If it's not in the KeyFile on your servers, well, there you go. afs service key in kadb = 9, doesn't exist in KeyFile So that explains it, yes. I deleted kvno 9 from the KeyFile in order to make room for 17. I'm embarassed to say that I'm not sure how to approach rectifying the situation now. Obfuscated cksum, right? Some, yes :) ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
I'm embarassed to say that I'm not sure how to approach rectifying the situation now. Ah, bos addkey with -kvno 9 and then kas setpass? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: asetkey: failed to set key, code 70354694
On Fri, 7 Jan 2011 20:58:16 -0500 Andrew Deason adea...@sinenomine.net wrote: And here is all of our servers showing matching keys (key 17 is the one ktadd made which we then asetkey'd): Yes, but that's the key for the krb5 setup. The kaserver setup will have a different service key and kvno (unless you did something special to synchronize them). Did you perhaps the key that kaserver was using from the KeyFile to make room for the new krb5 key? Did you perhaps *remove* the key. (Although, what I wrote will humorously make sense to some people... did you accidentally the key) -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: asetkey: failed to set key, code 70354694
On 1/7/2011 9:23 PM, Jeff Blaine wrote: I'm embarassed to say that I'm not sure how to approach rectifying the situation now. Ah, bos addkey with -kvno 9 and then kas setpass? Err... kas setpass afs -admin_username admin (which changes kvno to 10 from 9) then bos deletekey -server the-upserveretc -kvno 10 bos addkey -server the-upserveretc -kvno 10 That seems to have done the trick from what I can tell. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: asetkey: failed to set key, code 70354694
On Fri, 07 Jan 2011 21:21:29 -0500 Jeff Blaine jbla...@kickflop.net wrote: afs service key in kadb = 9, doesn't exist in KeyFile So that explains it, yes. I deleted kvno 9 from the KeyFile in order to make room for 17. I'm embarassed to say that I'm not sure how to approach rectifying the situation now. I don't remember if what kas tells you is what you want to give to 'bos addkey'. I don't have a kadb handy to try with, but I would've just given that a shot. Otherwise yeah, just change the password to something, and addkey that. Of course, either way you need to remove one of the other keys to make room. (Not 17! ;) -- Andrew Deason adea...@sinenomine.net ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
