[OpenAFS] False replay error with 1.7 on Win 7 client (fwd)

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 12 Dec 2012 10:25:00 -0500


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig14E45DE07F5EFE16D6B3360A
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 12/12/2012 8:45 AM, Steve Gaarder wrote:
> On Tue, 11 Dec 2012, Harald Barth wrote:
>>
>> If you merge a new secret into the AFS key file on the server with a
>> new (high, say 10001) kvno, it should not. I have not tested this
>> though.
>=20
> Is there an advantage to such a high kvno?  As I understand it, the kvn=
o
> just has to be different from the one already in the keyfile.

There is no advantage and attempting to obtain a value that high should
not be attempted.  There are bugs in some Kerberos distributions when
the kvno is greater than 255.

Jeffrey Altman



--------------enig14E45DE07F5EFE16D6B3360A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJQyKHMAAoJENxm1CNJffh4SYcH/2h2ppNTbZnSfa0+L+fEUolO
Y2Edhc/chhJ9bjaXzgk1gCOClNDbkbeJpSPUya/JXQp3JRZKR8sg10UuO1pzEg1c
9WRohQR7OPhp9SnpD+ahbTBAbDvCd93Axz3/wfiOawaXKVackfcO21CXTlnY7q3j
oOixqiLhmBmAqgfUlpEJDYths+zY0bpyfkAbvnw5CvaVf9Mk5AukdZlVNz1sNmUv
NcRYa1NHGeCD6sBuwr1UJbhwzKTE3Wh031tpvnHwBsQnFVhklXaLWjHeMgsET2T8
WH9FHtBUi1MB4xuF9jD3Kv4M6BEfFcZobVppniXUoGEpKbBNCk0xQBL5swwqeCY=
=fdXw
-----END PGP SIGNATURE-----

--------------enig14E45DE07F5EFE16D6B3360A--