[j-nsp] keyadmin error

Harry Reynolds harry at juniper.net
Thu Mar 22 17:27:41 EST 2007


I've never seen that error, but its likely related to 7.5 feature called
hitless authentication key-chain reuse . Does this box have HAKR enabled
for either bgp or ldp? Seems that at commit keyadmin is tasked with
dumping the current keychain to the kernel and its encountering an
unexpected value. If HAKR is setup on this box, is it working?

Not sure if you are aware but keyadmin can be executed from a root shell
(only use shell commands under jtac guidance, or course) to dump
existing keychains and to view various parameters. You might try a
keyadmin dump to see if it spits out any extra details regarding the
problem. IIRC dump will show active security associations and
dump_keychain does what it sounds like.

Let me see if I can get any more info.

root at foo% keyadmin 
key> help
        add <type> <spi/port> <src> <dst> <transform> <key> [iv]
        del <type> <spi/port> <src> <dst>
        get <type> <spi/port> <src> <dst>
        dump  
        load { <filename> | - }
        unload { <filename> | - }
        save { <filename> | - }
        help [command]
        flush
        ! [command]
        exit
        quit
        revise <filename>
        dump_keychain  
        flush_keychain

Regards



> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Eric Van Tol
> Sent: Thursday, March 22, 2007 1:18 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] keyadmin error
> 
> Anyone know what this means?
> 
> keyadmin[11805]: dump_assn: encountered end of stream. errno
> 
> This error appears upon each commit.  This is an M10i with 
> 8.2 recently installed on it, however, the same occurred with 8.0.
> 
> Thanks in advance,
> eric
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list