[OpenAFS] Automatic token renewal

Russ Allbery rra@stanford.edu
Fri, 20 Nov 2009 00:15:34 -0800

Fr=C3=A9d=C3=A9ric Grelot <fredericg_99@yahoo.fr> writes:

> how to enable automatic tickets and token renewal, without requiring the
> user to enter "krenew -t" in a console? Is there no easier way of doing
> that than to have a script running at session opening that automatically
> calls krenew-t every, say 1 hour?

You will, regardless, have to have *something* running to refresh tickets
and tokens, since it won't happen by itself.  :)  You can kick off krenew
-bit -K 60 from a user's shell initialization files or take some similar
approach to start it automatically on login.

> By the way, since I added the openafs module in common-session and
> common-auth, if after some time of inactivty ubuntu suspends my session
> and asks me for a password to unlock it, will it send a new query to the
> servers (equivalent of a "kinit&&aklog") ?

Yes, if the PAM modules are correctly configured.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>