> Yes, but I get the impression from Renata's post that the job accually
> succeeds and a key skew would cause the backupsys to fail. The server
> will have to decrypt the administrators ticket with its Keyfile, and
> the admin ticket is encrypted with the afs entry in the DB. So if the
It might be worth noting that this is not the case if the command (in
this case, vos backupsys) is invoked with the -localauth switch. In that
case, the ticket is actually "constructed" by the client, using a key
from /usr/afs/etc/KeyFile. I'm not sure what algorithm it uses to pick a
key from there, but it seems possible that an extra key in the KeyFile
with a bogus kvno would cause a warning only for things using -localauth.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer, CMU SCS Research Facility
Please send requests and problem reports to [EMAIL PROTECTED]
