There is no notification to any process that is running that the MSLSA obtained new Kerberos v5 tickets OR a hook that would obtain the user's name/password during unlocking to use to request a new TGT and AFS token.
There is nothing abnormal about your setup. What are you using for a credential manager? Jeffrey Altman Ryan L. Means wrote: > Good afternoon, > > We are just starting to use AFS here at the School of Law at UC > Berkeley. Everything seems to be working well with OpenAFS for Windows > and the integrated logon functionality that grabs a Kerberos 5 ticket > and then the AFS token. Unfortunately, it seems that when a user locks > their workstation, leaves for longer than the 10 hour ticket expiration > period, and then comes back, the ticket and token have expired and the > act of unlocking the workstation doesn't get another set. > > We do have an abnormal setup here where there are two realms, one MIT, > one AD. The passwords are synchronized between the realms, but the user > does log into their workstation using the AD identity and access AFS > resources with the MIT identity. So far, with the integrated login, this > hasn't been a problem. Is this locking/unlocking issue caused by the > split realms, or is there another force at work? > > Thanks to anyone who can help! > > Ryan > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info >
smime.p7s
Description: S/MIME Cryptographic Signature
