[OpenAFS] Windows: Keep tokens in an AD environment
Hi Christian, If I recall correctly, the NIM would refresh the token if it also refreshed the ticket. I used it in a Linux-KDC environment, though. So, when Windows does that by itself, I wouldn't know if NIM is able to keep track of it. So, you could try to let NIM refresh the ticket after initial acquisition. I would go for the cheap timed-task option. I usually update after half the lifetime. This is what I do on Linux hosts as well. Kind regards, –Michael ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Windows: Keep tokens in an AD environment
Dear all, we use openafs with computers joined to an AD. Upon login, users receive Kerberos tickets, and Network Identity Manager (NIM) will acquire tokens from that. Windows will make sure that the user has Kerberos tickets all the time, but at least in our environment, the AFS tokens expire after a day. Is there any way to have NIM monitor the afs tokens and get new tokens if the kerberos tickts have an expiry date beyond that of the AFS tokens? Or would one write a logon script that calls aklog every half hour? Thanks and best wishes, Christian ___ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
