Hi,

I am looking for a way to set up the Integrated Logon in such a way that the acquired AFS Tokens can be renewed.

We are using the latest versions of OpenAFS (1.7.31), NIM (2.102.907) and Heimdal Kerberos (1.6.2.0). We have identical user accounts stored in our central Unix Kerberos Realm (TU-BERLIN) which authenticates also the AFS and your Windows domain WIN.TU-BERLIN.DE. Both Realms have a trust relationship. On the Windows clients the Heimdal default realm is configured to TU-BERLIN.DE and the default AFS cell to TU-BERLIN.DE.

The integrated logon works fine, but after login the NIM only shows the AFS Token acquired during the logon process but not the TGT and Service Certificate afs/[email protected] which must have been used to get the AFS Token for [email protected].

Is there any way to get access to the Kerberos Tickets from the integrated logon? Under Linux, Kerberos can be configured to store its Tickets in a file and thus the TGT and also the Token can be renewed later.

If I open the NIM and obtain a new TGT from TU-BERLIN.DE, the Token renewal works fine. However, this would require all users to type in their password twice and in addition fiddle with the NIM at all.

Do you have any idea how I can renew the AFS token without additional user interaction?

Thanks very much
Hendrik Naumann

--
Dr. Hendrik Naumann
Technische Universität Berlin
Institut für Chemie, Sekr. C3
Leiter EDV Chemie
Strasse des 17. Juni 115
10623 Berlin
Tel.: +49 30 314 29892
Mobil: +49 172 314 0410
Fax: +49 30 314 29309
WWW: http://www.chemie.tu-berlin.de/it
E-Mail: [email protected]
