[OpenAFS] Odd syncing behaviour AFTER upgrade

[Norman P. B. Joseph]

On Thu, 2004-01-15 at 11:03, Derrick J Brashear wrote:
> []
> > Wait a minute.  Aren't these databases supposed to agree?
> 
> The kaserver "account locked" stuff is in an external, unsync'd database.
> 
> > Anybody seen this?  What's going on, and how do I fix it?
> 
> Make your users get their passwords right, or just disable the account
> locking.

The account locking is a policy issue here that's not going away any
time soon.  But thanks for the suggestion.

In poking around there seems to be another issue at play.  The account
was getting locked because the user's password was no longer being
recognized (and in fewer than the 5 attempts we have configured on the
account).  On a hunch I asked how long his password was.  It was 11
characters.  I asked him to reset it to the 1st 8 characters, and after
he did he was able to get tokens again through the Windows client.

I vaguely recall an issue years ago with passwords greater than 8
characters, but thought that was no longer the case.  Are AFS passwords
restricted to 8 characters?

What's confusing about all this is that we've been humming along for
better than two years without these things (unsynced account locking
information and > 8 character passwords) being an issue until Tuesday. 
The only thing that's changed in my environment have been the new
database servers that were installed on Monday.  I'm just looking for
some insight from people with more experience than I have.

Thanks,
-- 
 Norman Joseph, Systems Engineer           joseph@ctcgsc.org      IC|XC
 Concurrent Technologies Corporation         814/269.2633         --+--
 Global Systems Center                                            NI|KA

  ***  Be kind, for everyone you meet is fighting a great battle  ***