[OpenAFS] Automatically Renewing Tokens?
Stephan Wiesand
stephan.wiesand@desy.de
Wed, 25 May 2011 18:52:52 +0200
On May 25, 2011, at 17:47 , Dave Botsch wrote:
> My experiences...
>=20
> on Windows, the afs client tray app will autorenew tokens for you.
>=20
> on Linux, you can start up krenew (part of the k5start package) when a
> user logs in (we do this for ssh logins then kill it on logout). For =
GUI
> linux logins, either krenew again or krb5-auth-dialog (the latest
> versions have an aklog plugin).
We applied a crude hack to the krb5-auth-dialog coming with EL6 (which =
has no plugin support yet) to make it run aklog. It's ugly, but it =
works...
On EL4/5/6, unlocking the GNOME/KDE screensavers should refresh tokens =
as well.
>=20
> On Wed, May 25, 2011 at 03:43:44PM +0000, Coy Hile wrote:
>> Good morning, all,
>>=20
>> I know that things exist to automatically renew kerberos tickets up
>> until the maximum renewal lifetime (Russ' k5start and Quest's
>> autorenew capability as part of Quest Authentication Services come =
to
>> mind) What are the suggested ways to auto-renew users' tokens as
>> well? Think Joe who doesn't logout of his PC and needs access to =
\\AFS
>> or someone who's running a screen session.
>>=20
>> Somewhat unrelated, is there the availablility to do the following at =
all:
>>=20
>> (1) Store %USERPROFILE% for windows users in a subdir of his user
>> volume in AFS (thus making roaming profiles easy)?
>> (2) Install Windows applications in \\AFS so that, for example, I =
need
>> only install Visual Studio or Office 2010 once and have all windows
>> boxes be able to find it?
--=20
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany