Re: [OpenAFS-devel] "Lost contact with file server" problems

Mon, 22 Aug 2005 05:49:09 -0700 

Roland Kuhn wrote:

>>> The Abort code is RXKADEXPIRED (19270409L).   Would you verify that you
>>> still have a valid token and that your system clocks are in sync?
>>>
>> The clocks are perfectly synchronized and I'm pretty sure that the
>> batch jobs have valid tokens, otherwise I would see other failures as
>> well. Also, wouldn't it be very nasty to effectively disable a
>> complete client because one connection has no valid token?
>>
>> The other thing is: it is the _client_ which sends the first ABORT in
>> response to a challenge....
>>
> I've also captured the 'self-healing' of the client state, although I'm
> not able to make something of it myself. The full trace is at
> 
> http://www.e18.physik.tu-muenchen.de/~rkuhn/openafs.cap
> 
> It seems that 118 minutes after the failure the client makes a get-time
> call which succeeds, and then everything is happy again.
> 
> Ciao,
>                     Roland

I simply interpret that to mean that after 118 minutes the client
finally dumps the token and starts to make unencrypted file server
requests.

What I am seeing here is that the rx libary is detecting that the
token is expired.   It sends an abort to the server which simply
marks the client's connection in an error state.  Each subsequent
request from the client on that connection is responded to with the
expired token abort code.

Now the question is what is the client doing with the RXKADEXPIRED
error when it receives it from the server.   The answer appears to
be "not much".   It looks to me as if the client is simply issuing
a warning to the user that the tokens are expired.   It does not
actually remove the tokens or reset the connection.

The Windows client will dump the tokens and reset the connection
when an RXKADEXPIRED is received.   Perhaps the Unix client needs
to do the same.

Jeffrey Altman


begin:vcard
fn:Jeffrey Altman
n:Altman;Jeffrey
org:Secure Endpoints Inc.
adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States
email;internet:[EMAIL PROTECTED]
title:President
tel;work:+1 212 769-9018
x-mozilla-html:TRUE
url:http://www.secure-endpoints.com
version:2.1
end:vcard

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to