[OpenAFS] Questions regarding AFS ticket lifetime
Fri, 20 Apr 2012 09:40:06 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
If you configure the default credential cache to be MSLSA: then the LSA=20
credentials will be used.
The functionality (an explorer shell logon hook) that was used to copy=20
credentials at logon no longer exists on Vista and later versions of=20
the operating system. Since the functionality does not exist, the=20
functions exported from kfwlogon.dll do not get executed and no=20
Kerberos tickets can be copied in to the API: credential cache.
I have plans to build a new in kernel credential cache mechanism using=20
the AFS Authentication Groups available in the 1.7.x series. I have no=20
available resources at the moment to implement it and I can't make a=20
commitment as to when I will.
At the moment afslogon.dll will obtain a new AFS token at logon, but it=20
will not be renewable.
On Friday, April 20, 2012 9:25:13 AM, Anders Magnusson wrote:
> Yes, I have seen that, but that do not explain the behaviour since I
> have no wish to fetch thingd from MSLSA.
> Integrated logon works, but fetching new krbtgt at unlock of the login
> window does not.
> And BTW, importing tickets from MSLSA to API seems to work (pressing
> import button).
> -- Ragge
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP SIGNATURE-----