[OpenAFS] UAC in Windows 7 prevents importing Kerberos TGT to
Tue, 05 Apr 2011 17:07:28 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
You have two choices. Disable UAC or stop using an account that is a
member of the Administrators Group for day to day operations. I would
choose the latter.
On 4/5/2011 4:51 PM, Jonathan Nilsson wrote:
> I'm running Windows 7 Professional 64-bit, joined to an Active Director=
> which is my Kerberos REALM for my OpenAFS cell. Everything works fine, =
> have recently noticed that when I login with a domain account, Network =
> Manager does not seem to be automatically getting an AFS token. It just=
> a password prompt for my Kerberos "identity" as it calls it.
> I did some searching and found this page in the NIM docs which seems to=
> my situation:
> which about half way down the page has this paragraph:
> "On Windows Vista, Windows 7, and Windows Server 2008 the operating sys=
> not permit the importation of the Kerberos Ticket Granting Ticket if th=
> user account is a member of the Administrators or Domain Administrators=
> and User Account Control (UAC) mode is active."
> My domain account is a member of the local computer's Administrators gr=
> there any workaround besides completely disabling UAC?
> In the mean time I removed my account from the local "Administrators" g=
> NIM works again.
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP SIGNATURE-----