[OpenAFS] False replay error with 1.7 on Win 7 client (fwd)

[Jeffrey Altman]

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA283A0BFF3D136B8148BF300
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 12/11/2012 4:30 PM, Steve Gaarder wrote:
> On Tue, 11 Dec 2012, Jeffrey Altman wrote:
>=20
>> Upgrading your AFS principal from afs@ to afs/math.cornell.edu@ will
>> fix this problem
>> and shorten the time it takes all AFS clients to obtain afs tokens.
>>
> Thanks. My next question is: if I do this, will it break existing
> sessions using tokens obtained via afs@?  Here's how I think I should
> make the change:
>=20
> 1. Create afs/math.cornell.edu@MATH.CORNELL.EDU
> 2. Store the key in a keytab file
> 3. Use asetkey to add the key to the keyfile on each of the AFS servers=


AFS does not associate a name with the key.  It only associates a key
version number with the key.   All you need to do is ensure that the key
version number for afs/math.cornell.edu does not match one of the
existing kvno values in the AFS KeyFile.

Please see the "Managing Server Encryption Keys" section of the
Administrator Guide.

  http://docs.openafs.org/AdminGuide/index.html#HDRWQ355.html

Jeffrey Altman



--------------enigA283A0BFF3D136B8148BF300
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJQyCR7AAoJENxm1CNJffh4eN8IAI+atEIihjP43oIegmEfSwHh
WfeKmd7//O1qkcAUDItuPnmgZldLe/JXFszZdje6B3vSRKPbvcZC7QdNvmsAfX+1
CIyC42npBH59gBTs4E1EZRAyRLrGOPZekMjZ2n2M47T5+a72ldGqaDOJVDK+e/k1
reqyGppB7ADbV02r4sUjfcrUxgasHBqv+9T1zg01BJuMT6BWRwGfL9MovByQVsRG
vf5o8eCgGD/6XfLksik0Zhy4KR7H7X8RDb7HewcPAcCrOZMNPSDbNGmyalrjddsZ
Ax274hSYx6AfXyx35R96nEXLXR4I9KsGdm0z+yKDX8AfTF6iU25LqcWD6JySVv4=
=Fi9x
-----END PGP SIGNATURE-----

--------------enigA283A0BFF3D136B8148BF300--