[OpenAFS] Automatic token renewal
Fri, 20 Nov 2009 10:41:56 -0800
Fr=C3=A9d=C3=A9ric Grelot <firstname.lastname@example.org> writes:
> So would you confirm this behavior :
> -user logs in at the morning, kinit (its pam_krb5.so equivalent
> actually) is issued (say kinit -r 7d -l 24h)
> -krenew runs in the background and renews every 60 minutes thanks to
> what you told me
> -after 24hours, lifetime is still (roughly) at "24h left", and renewal
> time left is 6 days.
> -by chance, since the night passed, the computer locked the session, the
> user has to enter his password again
> -he recovers his sesssion, but now, renewal time got back to 7 days
> -furthermore, the "krenew -K 60" process now uses the new tickets, and,
> 24 hours later, we are in the same previous state : lifetime at 24h, and
> renewal time of 6 days.
This is indeed what should happen. You'll want to run krenew with -i so
that it will cope with the ticket cache going away temporarily.
> This way, the user never looses his session provided that he lets the
> computer lock the screen and logs in at least once every 7 days... (and
> I hope he will!)
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>