On Thu, 10 May 2012 15:08:09 -0400 Brandon Allbery <[email protected]> wrote:
> On Thu, May 10, 2012 at 2:36 PM, Jeff White <[email protected]> wrote:
>
> > ** I found something else. If I change /usr/afs/etc/krb.conf to
> > include both realm names I can get it to give me a permission denied
> > rather than hanging and generating thousands of errors:
>
> I have to admit I've been wondering about that since you mentioned
> that you had only the foreign domain listed in krb.conf; I'd always
> understood it to need both, although that seems like a very
> unfortunate failure mode (which I bet nobody'd ever tested
> previously). Guess I should have spoken up then.

No, the local cell name is treated as one of the 'realm' names to accept. If your cell name is foo.bar, we accept @FOO.BAR regardless of what's in krb.conf. Older servers don't even support more than one realm in krb.conf, which is why the traditional advice is just to list the foreign one in there.

The change in behavior is probably just a coincidence; there doesn't appear to be any change in fileserver behavior since we get the same error code both times (19270407). The different client behavior is just due to when we get the error; the 'spin on reporting tokens error' is a known bug when we try to contact vlservers with invalid creds; that's probably what it is.

--
Andrew Deason
[email protected]
