Re: [OpenAFS] rxk: authentication expired

Brandon Allbery Fri, 14 Mar 2014 11:31:37 -0700

On Fri, 2014-03-14 at 13:39 -0400, Timothy Balcer wrote:

> I realize I can delete and add back the replica, and retry the
> release, however I am concerned about the error. How is it that an
> authentication can expire when the client is automatically reinitiated
> and aklog'd every 6 hours?


The token used for the operation is the one that was present when it is
started; refreshing in the middle will not affect it, as it's using a
passed copy of the token and not the one registered with your local
cache manager. vos can't really sensibly check before each RPC (or
worse, packet during a transmission --- as would have been needed here)
whether to re-retrieve your token from the cache manager.

The way around this is to use the -l parameter to kinit to get a ticket
with a longer lifetime; the token made from it will also have that
longer lifetime.

-- 
brandon s allbery kf8nh                           sine nomine associates
allber...@gmail.com                              ballb...@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad    http://sinenomine.net

:��T���&j)b�   b�өzpJ)ߢ�^��좸!��l��b��(���~�+����Y���b�ا~�����~ȧ~

Re: [OpenAFS] rxk: authentication expired

Reply via email to