[OpenAFS] Integrated logon and locking/unlocking workstatations
Ryan L. Means
Tue, 28 Oct 2008 14:37:46 -0700
We are just starting to use AFS here at the School of Law at UC
Berkeley. Everything seems to be working well with OpenAFS for Windows
and the integrated logon functionality that grabs a Kerberos 5 ticket
and then the AFS token. Unfortunately, it seems that when a user locks
their workstation, leaves for longer than the 10 hour ticket expiration
period, and then comes back, the ticket and token have expired and the
act of unlocking the workstation doesn't get another set.
We do have an abnormal setup here where there are two realms, one MIT,
one AD. The passwords are synchronized between the realms, but the user
does log into their workstation using the AD identity and access AFS
resources with the MIT identity. So far, with the integrated login, this
hasn't been a problem. Is this locking/unlocking issue caused by the
split realms, or is there another force at work?
Thanks to anyone who can help!