[OpenAFS] Windows XP and AFS

[Bruno Lopes]

At 10:15 02-08-2002 -0400, Kevin Coffman wrote:
> > Hello,
> > I've been trying to use AFS on Windows to load the user's profiles from an
> > AFS 'share', which i've been able to do using the Transarc client (since
> > the openafs one does not support global mapping). The problem is that as
> > soon as the profile is loaded the afs token disapears (most of the time).
> > So, to try to work around this problem i've tried to call a program that
> > does the same as ms2mit and aklog together. Then the token appears, but
> > sometimes it disappears a couple of seconds after the retrieval of the 
> token.
> > This behavior happens about half the times, but when the token "survives"
> > the client seems to work perfectly for the lenght of the token life.
> > Has anyone seen this kind of behavior, or has any clues as to why this 
> happens?
> > Thank you in advance
> >
> > Bruno Lopes
>
>I assume you are using MIT K5 since you're using aklog.  We saw a
>problem
>where the token lifetime was interpretted as zero because of the
>lifetime
>of the afs principal in the K5 DB.  It was an incredibly long time that
>was being interpretted as negative, and thus zero, and was the result
>of the
>afs->K5 migration.  This didn't seem to be a problem for unix clients,
>but
>was for windows clients.  If the max lifetime for the afs principal is
>somehow messed up on one, but not all of the KDCs, this could be your
>problem.  Just a shot in the dark...

Hum, so if we reduce the lifetime of the afs principal (token/ticket?) this 
problem should go away, right? (if this is indeed what is happening)
How long is "incredibly long"? The ticket we are asking for had (i believe) 
a lifetime of 24h.
What keeps nagging me is that sometimes the ticket "sticks", sometimes it 
doesn't...
Thank you anyway, I shall try to reduce the lifetime to see if it solves it...

Bruno Lopes