Configuration reload leads to tidc error on IDPs

Bug #1765633 reported by Alejandro Perez
Affects | Status | Importance | Assigned to | Milestone
Moonshot Trust-Router | Fix Committed | High | Jennifer Richards |

Bug Description

When configuration is reloaded by a file change on the TR server, all the IDPs begin to be unable to contact the TR server due to an "Acceptor identity different than expected" error.

Steps to reproduce:
1) Have a working TR infrastructure.
2) Launch a successful "tidc" query from an IDP (or even the TR)
3) Modify (or just touch!) the configuration file. The TR server detects the change and reloads configuration.
4) Try again with the "tidc" command and get the following:
Moonshot TID Client 3.0.2

TIDC Client:
Server = assent-tr.lxd, rp_realm = assent-tr.lxd, target_realm = assent.lxd, community = assent.lxd, port = 12309
Warning: dh_check failed with 8
: the g value is not a generator
tidc_open_connection: opening tidc connection to assent-tr.lxd:12309
gss_connect: Connecting to host 'assent-tr.lxd' on port 12309
Error returned by gss_init_sec_context:
      major error <1> Invalid token was supplied
      minor error <1> Acceptor identity different than expected
AuthenticateToServer failed: Acceptor identity different than expected (err = 2109382940)
Error in tidc_open_connection.

5) On the TR side you get this:
Configuration updated successfully.
ReadBuffer failed: Connection reset by peer (err = 104)
ReadToken failed: Connection reset by peer (err = 104)
Authenticate failed: Connection reset by peer (err = 104)
tids_handle_connection: Error authorizing TID Server connection.
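
A check for this failure pattern over captured logs, as an added example (not part of the original report and not Trust Router project code). It assumes the TR log and tidc output contain the lines exactly as quoted above; the function names and sample inputs are constructed for illustration.

```python
import re

# Marker strings copied from the log excerpts in this report.
RELOAD = "Configuration updated successfully."
AUTH_FAIL = "tids_handle_connection: Error authorizing TID Server connection."
MISMATCH = "Acceptor identity different than expected"
CLIENT_ERR = re.compile(r"AuthenticateToServer failed: (.+?) \(err = (\d+)\)")

def failures_after_reload(tr_log_lines):
    """One counter per reload: rejected connections logged after it.
    Rejections seen before the first reload are ignored."""
    counts = []
    for line in tr_log_lines:
        line = line.strip()
        if line == RELOAD:
            counts.append(0)
        elif line == AUTH_FAIL and counts:
            counts[-1] += 1
    return counts

def client_error(tidc_output):
    """Return (message, err) from tidc output, or None if no auth failure."""
    m = CLIENT_ERR.search(tidc_output)
    return (m.group(1), int(m.group(2))) if m else None

def matches_reload_bug(tr_log_lines, tidc_output):
    """True when the client reports an acceptor identity mismatch and the
    server rejected connections after its most recent reload."""
    err = client_error(tidc_output)
    counts = failures_after_reload(tr_log_lines)
    return bool(err and err[0] == MISMATCH and counts and counts[-1] > 0)

# Constructed sample input, assembled from the lines quoted in the report.
SAMPLE_TR_LOG = [
    "Configuration updated successfully.",
    "ReadBuffer failed: Connection reset by peer (err = 104)",
    "ReadToken failed: Connection reset by peer (err = 104)",
    "Authenticate failed: Connection reset by peer (err = 104)",
    "tids_handle_connection: Error authorizing TID Server connection.",
]
SAMPLE_TIDC = (
    "gss_connect: Connecting to host 'assent-tr.lxd' on port 12309\n"
    "AuthenticateToServer failed: Acceptor identity different than expected"
    " (err = 2109382940)\n"
    "Error in tidc_open_connection.\n"
)

if __name__ == "__main__":
    print(matches_reload_bug(SAMPLE_TR_LOG, SAMPLE_TIDC))
```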

Alejandro Perez (alejandro-perez-mendez) wrote :

I forgot to mention that restarting the TR server fixes the issue.

affects: moonshot → moonshot.tr
Jennifer Richards (jennifer-k) wrote :

Thank you for the report. I think I came across this during development last week - the server hostname was not being updated after reloading the configuration. It should be fixed in the upcoming management/monitoring release (which I think will be 3.4.0).

affects: moonshot.tr → moonshot-tr
Changed in moonshot-tr:
status: New → Fix Committed
assignee: nobody → Jennifer Richards (jennifer-k)
importance: Undecided → High
Alejandro Perez (alejandro-perez-mendez) wrote :

Seems fixed in 3.3.1 experimental release.
