[OpenAFS] is this what windows folks call "integrated login"?

Adam Megacz adam@megacz.com
Sat, 21 Aug 2010 23:03:47 +0000

I have a MacOS laptop.  My username and local password on the laptop
happen to match my kerberos username and password.  My kerberos tickets
expire after 10 hours, but are renewable for 10 *days*.

It occurred to me that it would be nifty if my laptop acquired kerberos
tickets for me when I logged in (during the brief window when my
un-hashed password is present in laptop RAM), and made an attempt to
renew them once an hour (if connected to the network).  This would save
me having to do a separate kinit after logging in, and having to
re-kinit every 10 hours.  I've got a screensaver lock and encrypt my
swapfile, so I'm not too worried about physical theft issues resulting
in ticket theft.

Is there a piece of software that does this?  It's been a long, long
time since I used Windows, but it sounds like this feature is what the
Windows client calls "integrated login".  Or maybe not.  Either way, is
there a way to get MacOS to do this?


  - a