[OpenAFS] UAC in Windows 7 prevents importing Kerberos TGT to NIM
Tue, 05 Apr 2011 13:51:35 -0700
I'm running Windows 7 Professional 64-bit, joined to an Active Directory domain
which is my Kerberos REALM for my OpenAFS cell. Everything works fine, but I
have recently noticed that when I login with a domain account, Network Identity
Manager does not seem to be automatically getting an AFS token. It just pops-up
a password prompt for my Kerberos "identity" as it calls it.
I did some searching and found this page in the NIM docs which seems to describe
which about half way down the page has this paragraph:
"On Windows Vista, Windows 7, and Windows Server 2008 the operating system does
not permit the importation of the Kerberos Ticket Granting Ticket if the active
user account is a member of the Administrators or Domain Administrators groups
and User Account Control (UAC) mode is active."
My domain account is a member of the local computer's Administrators group. Is
there any workaround besides completely disabling UAC?
In the mean time I removed my account from the local "Administrators" group, and
NIM works again.
School of Social Sciences
SSPA 4110 | 949.824.1536