SUMMARY:keyserv problems

From: Wolfgang Leideck (leideck@pi3.informatik.uni-mannheim.de)
Date: Thu Sep 03 1998 - 01:18:38 CDT


Hello.
I've got the explanation from Rahul who has send me a bug report from sun
(article 4086468):

keyserv is running on a mailhost using NIS+ for authentication. The mailhost
exports the /var/mail directory to the other machines.
The error pops up every time you send mail to two particular users (there could
be others). The documentation on the error asks your to check if keyserv is
running (it is running), ask the client to do a keylogin (which cannot be done
as the users were not present and should not be a requirement at least for
receiving their mail).
The error says that it cannot find the private key for the user to do a
transaction with the server, but putting mail into the mail box should
not require this key, because many times the mailhost is just a NIS+
client and nobody directly logs to the mailhost but log on to their own
workstation and mount var/mail/ from the machine.
In such a situation the keyserv on mailhost will never have the private
key, as the user is very unlikely to login directly to the mailhost.

Sun provides a work around:
Modify the syslog.conf file to ignore these messages. Note that as
these are logged as LOG_INFO this will also stop logging other LOG_INFO
and LOG_DEBUG messages.

My solution is take no notice of this error.
Thanks for your help
Wolfgang

Here the original question
> Hello.
> A look into the syslog file shows me several warnings about keyserv:
> pi3 mail.local: authdes_refresh: keyserv(1m) is unable to encrypt session key
>
> How can i avoid this message and what does it mean?
>
> Thanks
> Wolfgang

-- 
Wolfgang Leideck * University of Mannheim * Dep. PI III
D7,27 * Raum 409 * D 68161 Mannheim
Phone: +49 621 292 8815 * Fax: +49 621 292 8818
Email: leideck@pi3.informatik.uni-mannheim.de



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:48 CDT