[OpenAFS] Multiple tokens on Windows.

Jan Johansson janj+openafs@wenf.org
Mon, 25 Apr 2005 11:32:56 +0200


Hello.

I have a Windows 2003 active directory with Windows XP clients
that has OpenAFS for Windows 1.3.81 and Kerberos for Windows
2.6.5 installed.

There is trusts established between ad.local and the CENTRAL
kerberos realm. There is also cross realm established between
LOCAL and CENTRAL.

A user login to windows using their user@CENTRAL account. 

Now I wish for them to have tokens for both the local and central
AFS cells. This is no problem with a combination of leash/ms2mit
and aklog.

Ticket renewal is done when the user unlocks the screensaver.

But how does one get the renewal of AFS tokens to be transparent
for the user?

The best solution I have found is to run aklog every minute and
that does not seem like a nice solution.

Jan J