Jeffrey Altman <[EMAIL PROTECTED]> wrote: > Tokens obtained via the AFS SysTray tool are auto-renewed by > the SysTray tool but Leash will only auto-renew for one cell. > Tokens for multiple cells can be obtained using the same > Kerberos 5 principal without entering a password in the AFS > SysTray tool. (See afs-install-notes.txt) > > Tokens for both cells can be obtained during integrated login > using the "TheseCells" registry setting. (See registry.txt)
Oki, then I think I know what my problem is. Can you please just check that I got the facts right. As the users login using an external KDC trust the initial tickets are stored in the MSLSA. afscreds.exe will find and use the TGT from the MSLSA and use this to get tokens for the cells specified in the TheseCells registry setting. afscreds.exe will renew tokens as needed finding updated TGTs (after user unlocks screen) in MSLSA. I do not need to have leash running. (The local AFS cell is missing some part of 2b.) The reason I get tokens for central and a login dialog for local is that 2b is not working for local. In UNIX I can workaround the broken 2b by setting 'afs-use-524 = local' in krb5.conf there is no such setting in OpenAFS/Kerberos for Windows. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
