[OpenAFS] Integrated logon and locking/unlocking workstatations

Jeffrey Altman jaltman@secure-endpoints.com
Thu, 30 Oct 2008 10:52:25 -0700

Anders Magnusson wrote:
> Not that I know how any of these things works in Windows, but wouldn't it be
> possible to get the LSA to keep track of and renew the afs ticket, and
> then just
> have a really small program that just asks the LSA for the afs principal
> and convert
> it to an afs token?  And then let the LSA handle everything around.

The LSA does not renew service tickets.

The LSA renews the TGT.  An application that requests a service ticket
obtains it using the TGT.

The application that periodically requests the AFS service ticket
and produces a token is NetIDMgr.

Jeffrey Altman