> You will, regardless, have to have *something* running to refresh > tickets > and tokens, since it won't happen by itself. :) You can kick off > krenew > -bit -K 60 from a user's shell initialization files or take some > similar > approach to start it automatically on login.
Ok, I understand this and that's what I missed. I think it will be either in some user "~/*rc", or in gnome "startup programs". > > By the way, since I added the openafs module in common-session and > > common-auth, if after some time of inactivty ubuntu suspends my > session > > and asks me for a password to unlock it, will it send a new query to > the > > servers (equivalent of a "kinit&&aklog") ? > > Yes, if the PAM modules are correctly configured. Good news. So would you confirm this behavior : -user logs in at the morning, kinit (its pam_krb5.so equivalent actually) is issued (say kinit -r 7d -l 24h) -krenew runs in the background and renews every 60 minutes thanks to what you told me -after 24hours, lifetime is still (roughly) at "24h left", and renewal time left is 6 days. -by chance, since the night passed, the computer locked the session, the user has to enter his password again -he recovers his sesssion, but now, renewal time got back to 7 days -furthermore, the "krenew -K 60" process now uses the new tickets, and, 24 hours later, we are in the same previous state : lifetime at 24h, and renewal time of 6 days. This way, the user never looses his session provided that he lets the computer lock the screen and logs in at least once every 7 days... (and I hope he will!) Thanks for your help, Frederic. > > -- > Russ Allbery ([email protected]) > <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
