[OpenAFS] if user's afs token expires
Russ Allbery
rra@stanford.edu
Tue, 16 Aug 2005 10:03:40 -0700
Education Center <mailbox030403@mail.ru> writes:
> Hello!
> We use home dirs at AFS space and it works well for us. Although we
> still have the following challenge: when user's afs token expires then
> user looses an access to his home dir.
Right, that's sort of the whole point. :)
> The question is: what is a good practice to extend life time of user's
> afs token automatically without forcing user to re-login or manually
> calling kinit or klog utilities?
Well, if you're using Kerberos v5 plus aklog, you can use renewable K5
tickets and spawn a background daemon from your shell init files that
periodically renews the K5 ticket and refreshes the tokens.
Otherwise, the only option that I know of which doesn't require user
interaction is to increase the ticket lifetime. If you're running a pure
K4 kaserver environment, I think the maximum limit is 2 weeks, but I
haven't checked recently.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>