[OpenAFS] Automatic token renewal

Robbert Eggermont R.Eggermont@tudelft.nl
Wed, 08 Jul 2009 09:33:52 +0200

Sergio Gelato wrote:
> * Robbert Eggermont [2009-07-02 11:55:31 +0200]:
>> Our AD Kerberos servers serves tickets with a 10 hour expiration time,
>> thus my tickets (and AFS tokens) expire at night. I would like to
>> automatically renew my AFS token for all processes started from KDE
>> (which seem to be in the same PAG). Is there a "standard" solution for this?
> krenew should be good enough.

When using krenew, I keep hitting the problem where my Kerberos TGT is
updated by other processes (in other PAGs; ssh logins for one) and
krenew won't renew my AFS token in time.

How does everybody else deal with this? Any tips/best practices?

Would there be performance penalties when just running aklog every hour
for several hundreds of clients?

I read that aklog does not replace tokens with identical ones, but does
it compare the expiration time of the token to that of the TGT before
obtaining a new token?



Ps. I seem to be stuck with a Kerberos ticket cache in /tmp/krb5cc_xxxxx
(runnin linux)?

Robbert Eggermont                   Information & Communication Theory
R.Eggermont@TUDelft.nl         Electr.Eng., Mathematics & Comp.Science
+31 (15) 2783234                        Delft University of Technology