> > vsu_ClientInit: funny kvno (-4073) in ticket, proceeding
>
> As a first guess, I'd suspect a key version difference between the server
> ticket constructed from the key in /usr/afs/etc/KeyFile and that being
> used by the "afs" principal in the kerberos database. However, I have to
> confess that I'm really shooting from the hip here, and don't know whether
> or not such a server ticket is constructed by the "vos backupsys" command.
> If it were me, this would be the first place I'd look.
The code of vsu_ClientInit() tries to obtain a token for the "afs" principal
via a call to ktc_GetToken(). As such a token is returned. "Valid" kvno values
are in the interval [0..255]. Other values result in the message mentioned
above. However, in both cases kerberos authentication is used which means that
the message is just for your convenience ... So this may not bring light into
the darkness, but maybe somoe more information.
Does anyone no, how ktc_GetToken() actually obtains the token? What are the
"token constraints"? Just curious.
Best regards
-Peter
