>We've had several instances here where someone logs on to one off our
>machines (Solaris 2.6, AFS 3.5 client binaries), and gets someone
>else's tokens. We don't use AFS 'login' (most of our users don't have
>AFS accounts), just the normal Solaris login, then 'klog -setpag'. Has
>anyone else experienced this, and can you offer any suggestions for
>stopping it? Thanks.
We experienced it a number of times a while ago, on Solaris 2.5.1, AFS 3.5
5.36 and 5.52. What was actually happening underneath was that two different
users had the same PAG, shown by identical numeric outputs for the two from
/usr/ucb/groups. To one of them, it looked like her token "wasn't working";
she didn't notice in the "tokens" output that it was someone else's AFS ID.
So she would klog, and the other one would lose her token. And they'd
ping-pong. (Or in one case, each of two different users did not have a PAG
at all, but shared the same symptom!).
Originally, Transarc claimed that 5.52 had fixed the problem. Then we had an
occurrence under 5.52; at least I was sure at the time that it was 5.52. But
since it has never occurred here again (that I've heard of), it certainly
causes me some doubt.
The problem always occurred on a large machine (8 CPUs, 100's of users).
