[OpenAFS] if user's afs token expires

Russ Allbery rra@stanford.edu
Tue, 16 Aug 2005 10:03:40 -0700

Education Center <mailbox030403@mail.ru> writes:

> Hello!

> We use home dirs at AFS space and it works well for us. Although we
> still have the following challenge: when user's afs token expires then
> user looses an access to his home dir.

Right, that's sort of the whole point.  :)

> The question is: what is a good practice to extend life time of user's
> afs token automatically without forcing user to re-login or manually
> calling kinit or klog utilities?

Well, if you're using Kerberos v5 plus aklog, you can use renewable K5
tickets and spawn a background daemon from your shell init files that
periodically renews the K5 ticket and refreshes the tokens.

Otherwise, the only option that I know of which doesn't require user
interaction is to increase the ticket lifetime.  If you're running a pure
K4 kaserver environment, I think the maximum limit is 2 weeks, but I
haven't checked recently.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>