[OpenAFS] Re: Token Lifetime

Andrew Deason adeason@sinenomine.net
Wed, 26 Jun 2013 18:55:50 -0500

On Wed, 26 Jun 2013 13:34:50 -0700 (PDT)
J <skyliner306@yahoo.com> wrote:

> Regarding your question about OpenAFS info on token lifetime, I found
> it on this page by Googling "openafs token lifetime":
> http://docs.openafs.org/AdminGuide/HDRWQ63.html

Yes, that page is talking about a kaserver environment. You are using a
Kerberos 5 KDC, which is the recommended way, and replaces the kaserver.
So, most of the stuff on that page doesn't apply to you. The very last
section on the page makes a very brief reference to this.

> It appears to be in the current admin guide, which is linked in the
> "documentation" page on the OpenAFS site.
> Now admittedly I'm an AFS noob and I've barely scratched the surface
> of AFS configuration and capabilities.  I should add that I don't
> administer any AFS production servers, just a hobby, although I do
> work in IT.

>From what I recall, large portions of the Admin Guide are really
outdated, and you may just want to avoid it entirely. The Quick Start
Guide and manpages are more likely to be useful. Note that the specific
question you're asking is more of a Kerberos question than an AFS one,
so I don't know if your question is addressed anywhere else in our
documentation. That's not to say it shouldn't be there, though; if/when
you figure out what's wrong (I would look at Ben's response), feel free
to suggest a place where you think such information should go.

Normally I'd welcome you to propose changes to that page or the Admin
Guide in general, so the next person to come by doesn't ask the very
same question. However, given the state of the Admin Guide, that's
probably quite a lot to ask to someone who's new to AFS. (If you want to
contribute or suggest anything, though, we certainly still welcome

I do question the value of having the Admin Guide on the website at all,
if my understanding above is correct... I'm not sure how much
information vs misinformation is tends to provide.

Andrew Deason