[OpenAFS] False replay error with 1.7 on Win 7 client

Steve Gaarder gaarder1@math.cornell.edu
Thu, 13 Dec 2012 11:19:44 -0500 (EST) 

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1417712618-1700708973-1355415446=:16640
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-15; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <alpine.LRH.2.02.1212131119241.16640@kemeny.math.cornell.edu>

I made the change and everything seems to be working fine.  Thanks for all=
=20
your advice and enjoy the holidays!

Steve Gaarder
System Administrator, Dept of Mathematics
Cornell University, Ithaca, NY, USA
gaarder@math.cornell.edu

On Wed, 12 Dec 2012, Brandon Allbery wrote:

> On Wed, Dec 12, 2012 at 8:45 AM, Steve Gaarder <gaarder1@math.cornell.edu=
>
> wrote:
>       On Tue, 11 Dec 2012, Harald Barth wrote:
>             1. Create afs/math.cornell.edu@MATH.CORNELL.EDU
>             2. Store the key in a keytab file
>             3. Use asetkey to add the key to the keyfile on
>             each of the AFS
>             servers
>=20
>
>       Methinks between 1. and 3. tokens with the new key may
>       fail.
>=20
>=20
> Yes, I think you're right. =A0THe time period is short enough, though,
> that I think I can live with that.
>=20
>=20
> If you script it (kadmin *is* scriptable in recent MIT, with some pain), =
the
> time between creating and adding to the first KeyFile can be milliseconds=
;
> script pushing that to the other servers and it's still likely to be a fe=
w
> seconds at most. =A0If using Heimdal, you can use 'ktutil get' and do the=
 first
> one in effectively a single operation (ktutil get -k AFS3KEYFILE:...
> afs/cell@REALM). =A0Then Kerberos-authenticated parallel ssh to push to t=
he
> other servers for minimum latency. =A0:)
>=20
> --
> brandon s allbery kf8nh =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 sine nomine associates
> allbery.b@gmail.com =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0ballbery@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad =A0 =A0 =A0 =A0http://sin=
enomine.net
>=20
>=20
>
--1417712618-1700708973-1355415446=:16640--