[OpenAFS] Questions regarding AFS ticket lifetime

Anders Magnusson ragge@ltu.se
Fri, 20 Apr 2012 12:53:26 +0200


On 04/20/2012 09:35 AM, Lars Schimmer wrote:
>>  From memory, during our Windows XP days (different OS, different
>> OpenAFS, different Network Identity Manager, different MIT Kerberos
>> for Windows), just locking and unlocking the computer refreshed the
>> AFS ticket.
>>
>> How has this changed for Windows 7 and our current setup, as this
>> no longer seems to be working?
> Remember the 2 different credential caches of windows - one of system
> at login and one for NetworkID Manager.
>
> On Login you get a ticket/token with the Windows Builtin credential
> cache which CANNOT be accessed by Network ID Manager.
> Only after you obtained a token manual in NetworkID manager it renews
> the token automatic and you can set the token lifetime with Network ID
> manager.
The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7.  It did 
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not 
work.  It did on XP.

It gives a bad user experience to tell them that they need to fetch 
stuff manually,
since they did not need to do so on XP but now on Windows 7.  Therefore 
we need to
find out what is wrong since this was not a problem before (with XP).

-- Ragge