[OpenAFS] Automatically Renewing Tokens?
Wed, 25 May 2011 18:52:52 +0200
On May 25, 2011, at 17:47 , Dave Botsch wrote:
> My experiences...
> on Windows, the afs client tray app will autorenew tokens for you.
> on Linux, you can start up krenew (part of the k5start package) when a
> user logs in (we do this for ssh logins then kill it on logout). For =
> linux logins, either krenew again or krb5-auth-dialog (the latest
> versions have an aklog plugin).
We applied a crude hack to the krb5-auth-dialog coming with EL6 (which =
has no plugin support yet) to make it run aklog. It's ugly, but it =
On EL4/5/6, unlocking the GNOME/KDE screensavers should refresh tokens =
> On Wed, May 25, 2011 at 03:43:44PM +0000, Coy Hile wrote:
>> Good morning, all,
>> I know that things exist to automatically renew kerberos tickets up
>> until the maximum renewal lifetime (Russ' k5start and Quest's
>> autorenew capability as part of Quest Authentication Services come =
>> mind) What are the suggested ways to auto-renew users' tokens as
>> well? Think Joe who doesn't logout of his PC and needs access to =
>> or someone who's running a screen session.
>> Somewhat unrelated, is there the availablility to do the following at =
>> (1) Store %USERPROFILE% for windows users in a subdir of his user
>> volume in AFS (thus making roaming profiles easy)?
>> (2) Install Windows applications in \\AFS so that, for example, I =
>> only install Visual Studio or Office 2010 once and have all windows
>> boxes be able to find it?
15738 Zeuthen, Germany