LICENSE MIT
The RXKADBADTICKET error is returned when a krb5 derived token is sent
to a server that does not support them. In a mixed cell it is possible
that some servers were not updated. Discarding the token does not make
it possible to perform the request successfully and adversely affects
the user experience because those servers that do support the token
can no longer be accessed in an authenticated manner. Users can't
determine what the cause is, all they see are their tokens disappearing
and there is nothing they can do about it anyway.
From now on return STATUS_NO_KERB_KEY and do not retry.
(cherry picked from commit
7a290f39ec303cb3473f63f7d9c634e767191279)
if ( timeLeft > 2 )
retry = 1;
}
- else if (errorCode == RXKADEXPIRED || errorCode == RXKADBADTICKET) {
+ else if (errorCode == RXKADEXPIRED) {
if (!dead_session) {
lock_ObtainMutex(&userp->mx);
ucellp = cm_GetUCell(userp, serverp->cellp);
else if (code == CM_ERROR_ALLOFFLINE || code == CM_ERROR_ALLDOWN) {
NTStatus = 0xC00000BEL; /* Bad Network Path */
}
- else if (code == RXKADUNKNOWNKEY) {
- NTStatus = 0xC0000322L; /* Bad Kerberos key */
+ else if (code >= ERROR_TABLE_BASE_RXK && code < ERROR_TABLE_BASE_RXK + 256) {
+ NTStatus = 0xC0000322L; /* No Kerberos key */
}
else if (code == CM_ERROR_BAD_LEVEL) {
NTStatus = 0xC0000148L; /* Invalid Level */
projects / packages / o / openafs.git / commitdiff