[OpenAFS] Questions regarding AFS ticket lifetime
Fri, 20 Apr 2012 12:53:26 +0200
On 04/20/2012 09:35 AM, Lars Schimmer wrote:
>> From memory, during our Windows XP days (different OS, different
>> OpenAFS, different Network Identity Manager, different MIT Kerberos
>> for Windows), just locking and unlocking the computer refreshed the
>> AFS ticket.
>> How has this changed for Windows 7 and our current setup, as this
>> no longer seems to be working?
> Remember the 2 different credential caches of windows - one of system
> at login and one for NetworkID Manager.
> On Login you get a ticket/token with the Windows Builtin credential
> cache which CANNOT be accessed by Network ID Manager.
> Only after you obtained a token manual in NetworkID manager it renews
> the token automatic and you can set the token lifetime with Network ID
The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7. It did
2) Letting NiM fetch a new tgt when the user unlocks the screen do not
work. It did on XP.
It gives a bad user experience to tell them that they need to fetch
since they did not need to do so on XP but now on Windows 7. Therefore
we need to
find out what is wrong since this was not a problem before (with XP).