[00:41:54] --- Russ has left: Disconnected [07:04:17] --- jaltman/FrogsLeap has left: Disconnected [09:51:07] --- jaltman/FrogsLeap has become available [12:51:48] --- Russ has become available [16:57:52] Have the client compiling on FBSD 7.3, but am getting: aklog: unknown RPC error (-1765328324) while getting AFS tickets aka KRB5KRB_ERR_GENERIC What are the standard debugging steps for this case? [16:57:52] --- geekosaur has left: Lost connection [16:58:46] that is a Kerberos error. which function call is failing with that error? [17:02:32] after you identify the kerberos function that is failing, it is time to read the Kerberos sources to determine where it is originating. It would also be useful to know if the error is coming from the local library or the KDC [17:02:46] --- geekosaur has become available [17:29:43] Looks like krb5_get_credentials is failing. I think from the KDC, as there's a recvfrom mentioning an error in the ktrace output. [17:36:31] can you look in the KDC log? [17:38:07] Hmm ... [17:39:41] Nothing in kdc.log [17:55:00] what version is the kdc? [17:55:58] 1.7.1 [17:56:20] But there's nothing in kdc.log when I successfully aklog from a different machine. [17:56:52] there must be a record for the incoming request and the result [18:10:05] Oh. No, I'm dumb. This KDC isn't used for the AFS tickets. [18:43:44] The most likely suspect is a preauth failure. [18:45:36] For bonus points, $ kgetcred afs/sipb.mit.edu@ATHENA.MIT.EDU $ aklog sipb.mit.edu succeeds [18:53:24] Currently rebuilding with pthreaded-aklog reverted. [19:00:45] no visible change. [19:24:26] Hmm, I wonder if this is due to an ancient heimdal .... [20:02:28] what is the difference in the kdc logs between those two requests? [20:02:49] --- jaltman/FrogsLeap has left: Disconnected [20:05:06] I don't actually have kdc logs; I forgot that the zone cell is authed from the ATHENA realm. [20:16:18] A build against MIT krb5 1.6.3 has a successful aklog. I am fairly inclined to blame the heimdal 0.6.3 for the failure. [20:18:22] Of course, there is more than one variable that changed, so it's not conclusive. [20:21:41] But, it looks like I get to build a new kernel with more debugging options, as this build is panic-y. [21:05:40] --- jaltman/FrogsLeap has become available [21:12:44] --- jaltman/FrogsLeap has left: Disconnected [21:17:28] --- jaltman/FrogsLeap has become available [22:34:44] Since Derrick seems to be active right now, I'll mention that the locking issue I allude to is a panic: sleeping with non-sleepable lock held; the offending thread is vinvalbuf afs_GetVCache afs_VerifyVCache2 afs_MemRead afs_vop_getpages ... which makes me a bit nervous.