[OpenAFS] False replay error with 1.7 on Win 7 client (fwd)

Steve Gaarder gaarder1@math.cornell.edu
Wed, 12 Dec 2012 08:45:48 -0500 (EST)


On Tue, 11 Dec 2012, Harald Barth wrote:
>
> If you merge a new secret into the AFS key file on the server with a
> new (high, say 10001) kvno, it should not. I have not tested this
> though.

Is there an advantage to such a high kvno?  As I understand it, the kvno 
just has to be different from the one already in the keyfile.

>
>> 1. Create afs/math.cornell.edu@MATH.CORNELL.EDU
>> 2. Store the key in a keytab file
>> 3. Use asetkey to add the key to the keyfile on each of the AFS
>> servers
>
> Hmmm.
>
> Methinks between 1. and 3. tokens with the new key may fail.

Yes, I think you're right.  THe time period is short enough, though, that 
I think I can live with that.

thanks,

Steve Gaarder