[OpenAFS] False replay error with 1.7 on Win 7 client (fwd)
Steve Gaarder
gaarder1@math.cornell.edu
Wed, 12 Dec 2012 08:45:48 -0500 (EST)
On Tue, 11 Dec 2012, Harald Barth wrote:
>
> If you merge a new secret into the AFS key file on the server with a
> new (high, say 10001) kvno, it should not. I have not tested this
> though.
Is there an advantage to such a high kvno? As I understand it, the kvno
just has to be different from the one already in the keyfile.
>
>> 1. Create afs/math.cornell.edu@MATH.CORNELL.EDU
>> 2. Store the key in a keytab file
>> 3. Use asetkey to add the key to the keyfile on each of the AFS
>> servers
>
> Hmmm.
>
> Methinks between 1. and 3. tokens with the new key may fail.
Yes, I think you're right. THe time period is short enough, though, that
I think I can live with that.
thanks,
Steve Gaarder