Harald Barth wrote: >>This error is not RXKADEXPIRED but RXKADUNKNOWNKEY which is set by the >>server when the ticket received from the client was encrypted using a >>key whose kvno is unknown to the server. > > > Funny thing is that > > * new kinit and afslog did not help > * after restarting openafs, I _was_ able to communicate > with the server again. With the same ticket as before > (just did an "afslog"). > > So what did I miss? > > Harald.
I don't know what you missed but the cause of the error in this case is straight forward. It would be interesting to know what kvno the client thought its tokens had. It would also be useful to see the capture of the exchange with the service for this connection to see what the client was sending. Did you try unlogging and contacting the server again before you performed the kinit and afslog? You are using Kerberos 5 based tickets. Therefore, the kvno should have been a fixed magic value. I'm wondering if somehow this constant was overwritten by some invalid value. Jeffrey Altman
begin:vcard fn:Jeffrey Altman n:Altman;Jeffrey org:Secure Endpoints Inc. adr:;;255 W 94TH ST PHB;NEW YORK;NY;10025;United States email;internet:[EMAIL PROTECTED] title:President tel;work:+1 212 769-9018 x-mozilla-html:TRUE url:http://www.secure-endpoints.com version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
