P.S.: I get timeouts with ssh logins even between patched 1.8.6 clients during aklog (tested by commenting aklog from pam settings -> no timeout). Token was obtained after timeout.
Cheers and thanks again, Ado Heinz-Ado Arnolds wrote on 14.01.21 18:45:
Dear Jeffrey, many thanks for your fast response from Germany too! When issuing "vos listvol <server>" on a patched 1.8.6 client to an 1.6.22.1 <server>, I still get "Could not get the list of partitions from the server. Possible communication failure". The same command works from a client running 1.6.23. I'm still having problems when doing an ssh from a patched 1.8.6 client to a server running an unpatched 1.8.6 and vice versa. The login process hangs during aklog. That means both machines have to run a patched 1.8.6? Thanks and cheers, Ado Neil Brown wrote on 14.01.21 18:19:On Thu, 14 Jan 2021, Jeffrey E Altman wrote:Patches to correct the flaw are available from OpenAFS Gerrit https://gerrit.openafs.org/14491 rx: rx_InitHost do not overwrite RAND_bytes rx_nextCid https://gerrit.openafs.org/14492 rx: update_nextCid overflow handling is brokenJeffrey, Informatics at the University of Edinburgh, are very grateful for you and AuriStor's quick response to this, as I'm sure are many other members of this list. Also thanks, to the other members of this list with their efforts in diagnosing the root cause. Hopefully we'll be able to try a patched version tomorrow. Thanks again, Neil
smime.p7s
Description: S/MIME Cryptographic Signature