[OpenAFS] Integrated logon and locking/unlocking workstatations

Ryan L. Means rmeans@law.berkeley.edu
Tue, 28 Oct 2008 16:11:17 -0700

Jeffrey Altman wrote:
> There is no notification to any process that is running that
> the MSLSA obtained new Kerberos v5 tickets OR a hook that would
> obtain the user's name/password during unlocking to use to request
> a new TGT and AFS token.

So you're saying there really isn't any way to do the same thing on 
unlock that happens on login. Can you think of any other way to solve or 
work around this problem besides just telling the user to log out 
instead of locking? Unfortunately, they won't buy having to type in 
their password twice every time they come in in the morning.

> There is nothing abnormal about your setup.
> What are you using for a credential manager?

I'm using MIT KFW 3.2.2.