Kerberos error message
Jim Barlow
jbarlow at ncsa.uiuc.edu
Wed Dec 11 12:48:07 EST 2002
That was an initial fix, however, the problem keeps cropping up. So in order
to "fix" it we have a cron that runs every minute which removes the replay
cache. One option is to compile w/o replay cache, which seems to decrease
security, and I am hesitant in doing that. I am curious if anyone else has
seen any problems like this before, or similar problems with the reply
cache. Is there any documentation on how the replay cache works which may
give me a clue as to why it's getting corrupted?
Thanks.
On Tue, Dec 10, 2002 at 10:18:11PM -0500, Ken Hornstein wrote:
> >Alot of our users have been getting the following popup error messages
> >when using their Eudora clients:
> >
> >Kclnt32 Server rejected: Server rejected authentication (during sendauth
> >exchange) Permission denied in replay cache code
> >
> >Our mail server has been undergoing a number of changes (upgrade of hardware,
> >different disks, etc.) and we didn't see any of these until recently. Has
> >anyone seen these before or know why they may appear?
>
> When I've seen this before, it's a result of corruption in the replay
> cache. I've simply deleted it (probably /var/tmp/rc_pop_0) and it fixes
> the problem.
>
> --Ken
--
James J. Barlow <jbarlow at ncsa.uiuc.edu>
Senior System/Security Engineer
National Center for Supercomputing Applications Voice : (217)244-6403
605 East Springfield Avenue Champaign, IL 61820 Cell : (217)840-0601
http://www.ncsa.uiuc.edu/~jbarlow Fax : (217)244-1987
More information about the Kerberos
mailing list