Di Pe writes:

> This seems to be a good idea. I used
> export PROMPT_COMMAND="k5start -H 500"
> and it does what it's supposed to do.

> One issue though: k5start seems to look at ticket_lifetime instead of
> renew_lifetime. ticket_lifetime is enforced to 10 hours by Active
> Directory. If I don't use a cron job to renew the ticket, users would
> have to enter their credentials every few hours or so, which is not
> good if they run jobs overnight.

Yeah, you ideally want k5start to renew the ticket if it can, and if not,
prompt. That's something that k5start -H should probably just do by
default. It doesn't do that right now and it will require some coding.
I'll add it to the to-do list.

> Another problem we notice on our terminal server is that user sessions
> are completely locking up when a ticket expires on an NFS-mounted home
> directory. It would be good if we had a cron job that forces a logout
> for users where the ticket is about to expire in 60 minutes or less. Is
> there a way to check for a happy ticket in a shell script without
> getting a prompt if the ticket is not happy?

Also a good idea. There isn't at the moment.

-- 
Russ Allbery <http://www.eyrie.org/~eagle/>
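
Added example (not part of the original thread, and not k5start functionality): one way to approximate the non-prompting check asked about above by parsing `klist` output instead. It assumes MIT-style `klist` output with MM/DD/YYYY timestamps and GNU `date -d`; the function names and the sample ticket listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a ticket cache as ok / expiring / expired / none
# without ever prompting. Assumptions: MIT-style klist output with
# "MM/DD/YYYY HH:MM:SS" timestamps, and GNU date for -d parsing.

# Constructed sample of klist output (not taken from a real system).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/15/2024 08:00:00  01/15/2024 18:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 01/22/2024 08:00:00'

# tgt_expiry_epoch: read klist output on stdin, print the TGT expiry time
# as seconds since the epoch. Returns non-zero if no krbtgt line is found.
tgt_expiry_epoch() {
    exp=$(awk '$NF ~ /^krbtgt\// { print $3, $4; exit }')
    [ -n "$exp" ] || return 1
    date -d "$exp" +%s
}

# ticket_state KLIST_TEXT NOW_EPOCH THRESHOLD_MINUTES
# Prints one of: ok | expiring | expired | none
ticket_state() {
    expiry=$(printf '%s\n' "$1" | tgt_expiry_epoch) || { echo none; return; }
    left=$(( expiry - $2 ))            # seconds of lifetime remaining
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -le $(( $3 * 60 )) ]; then
        echo expiring
    else
        echo ok
    fi
}

# Live use from a cron job, per user (set KRB5CCNAME to that user's cache
# first); klist only reads the cache, so it never asks for a password:
#   state=$(ticket_state "$(klist 2>/dev/null)" "$(date +%s)" 60)
#   [ "$state" = ok ] || logger "ticket for $USER is $state"
```

The expiry checked here is the ticket lifetime, not the "renew until" time, so a renewable ticket reported as `expiring` can still be renewed before anyone is logged out.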
