Russ Allbery wrote:
> Jeffrey Altman <[EMAIL PROTECTED]> writes:
>
>> Now the question is what is the client doing with the RXKADEXPIRED
>> error when it receives it from the server. The answer appears to
>> be "not much". It looks to me as if the client is simply issuing
>> a warning to the user that the tokens are expired. It does not
>> actually remove the tokens or reset the connection.
>
>> The Windows client will dump the tokens and reset the connection
>> when an RXKADEXPIRED is received. Perhaps the Unix client needs
>> to do the same.
>
> The code is certainly present to do so, as I've seen it happen regularly.
> The module logs a kernel message saying that the token has expired and
> discards the token.
>
> Why it's not happening in this case, I have no idea.

I'm sure there is code in the client that identifies expired tokens and removes them. I just don't believe that code is associated in any way with the code that processes RXKADEXPIRED errors.

At this point I would want to take a look at a client process that is suffering from this problem in a debugger. Or install a new client that has some very specific debug logging.

I'm also suspicious of why the server has no code that specifically addresses RXKADEXPIRED errors if the client is allowed to send them to the server.

Jeffrey Altman
