[OpenAFS] Automatic token renewal
Wed, 08 Jul 2009 09:33:52 +0200
Sergio Gelato wrote:
> * Robbert Eggermont [2009-07-02 11:55:31 +0200]:
>> Our AD Kerberos servers serves tickets with a 10 hour expiration time,
>> thus my tickets (and AFS tokens) expire at night. I would like to
>> automatically renew my AFS token for all processes started from KDE
>> (which seem to be in the same PAG). Is there a "standard" solution for this?
> krenew should be good enough.
When using krenew, I keep hitting the problem where my Kerberos TGT is
updated by other processes (in other PAGs; ssh logins for one) and
krenew won't renew my AFS token in time.
How does everybody else deal with this? Any tips/best practices?
Would there be performance penalties when just running aklog every hour
for several hundreds of clients?
I read that aklog does not replace tokens with identical ones, but does
it compare the expiration time of the token to that of the TGT before
obtaining a new token?
Ps. I seem to be stuck with a Kerberos ticket cache in /tmp/krb5cc_xxxxx
Robbert Eggermont Information & Communication Theory
R.Eggermont@TUDelft.nl Electr.Eng., Mathematics & Comp.Science
+31 (15) 2783234 Delft University of Technology