Lynne Cohen Duncan <[EMAIL PROTECTED]> writes:
> I am in the process of installing AFS at my site, and have a question
> about ticket lifetimes. I had planned to use the default 25 hour lifetime,
> but my management doesn't want the users who leave themselves logged in
> overnight to be bothered by having their ticket expire.
> No matter what lifetime I choose, the users are going to have to develop
> a consciousness about ticket lifetimes. That aside, what are the issues
> I should consider in choosing the default ticket lifetime? Clearly
> there are in tradeoffs between convenience and security, and
> unless I can demonstrate the benefit of a shorter ticket lifetime,
> my management will insist on 30-day tickets.
> What lifetimes do other sites use?
We are still using a moldy old V4 Kerberos with 8hr lifetimes -- a major
pain around 4 in the afternoon. As soon as I get AFS3.2 all squared away
this is next on my list. We will probably going with 10 or 12 hours.
One nice touch is to hack xlock to get new tickets/token (check for mail,
a new MotD, etc) -- this hides things nicely provided your people are
in the xlock habit [a good thing, IMHO].
John
(substitute "lock" for "xlock" in a tty environment)
