[OpenAFS-devel] "Lost contact with file server" problems

[Jeffrey Hutzelman]

On Thursday, September 08, 2005 12:41:52 -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> So the question I then ask is whether or not the determination that the
> server is down is being performed using an authenticated or
> unauthenticated connection?  Testing for "DOWN" should be performed
> using an unauthenticated connection specifically to avoid the problem of
> a "bad" token being installed into the client.

Servers can be marked down in either of two ways.  First, there is a 
3-minute cycle in which every known server is pinged by performing a 
GetTime call via an unauthenticated connection.  Second, a server will be 
marked down if any RPC to it times out, or fails with an rx protocol error 
(small negative error code).

Normal errors, including RXKADEXPIRED and RXKADUNKNOWNKEY, _do not_ result 
in the server being marked down.  However, rxkad errors (those whose values 
fall within the 'RXK' com_err table) will result in the users tokens being 
discarded.

-- Jeff