[OpenAFS] default token lifetime in Windows OpenAFS client

Dj Merrill deej@thayer.dartmouth.edu
Thu, 13 Oct 2005 13:35:19 -0400


Jeffrey Altman wrote:

> There is a lifetime bug in OAFW which I will fix in the next release
> candidate.  You can take a look at the latest daily builds tomorrow at
> 
> 	http://web.mit.edu/jaltman/Public/OpenAFS/
> 	/afs/athena.mit.edu/user/j/a/jaltman/Public/OpenAFS/
> 
> When this is fixed, the Leash lifetime imported from the registry will
> be used correctly.

Hi Jeffrey,
	I installed and tested the 1.4 RC7 Windows client today, and
wanted to give you some feedback on it.

	It is a definite improvement, but there still seems to be
some slight issues with the token lifetime.

	With integrated login set, I get default AFS token lifetimes
of 17 days, 3 hours (411 hours) after logging in from the Windows
login prompt.

	If I manually discard the tokens, and obtain new tokens
using the OpenAFS tray tool, I get the correct lifetime of 25 hours,
which matches the registry setting for Leash.

	If I discard the tokens, go into the Leash GUI, and
manually initialize the Kerberos tickets, I get Krb5 tickets and
AFS token lifetimes of 21 hours.
	
	Any idea why the integrated login tokens do not match
the lifetime of the manually obtained tokens?

Thanks,

-Dj