[OpenAFS] Questions regarding AFS ticket lifetime (fwd)
Fri, 20 Apr 2012 09:41:27 -0400
On Friday, April 20, 2012 8:33:09 AM, Stephen Joyce wrote:
> On Fri, 20 Apr 2012, Lars Schimmer wrote:
>>> The problem is:
>>> 1) Automatic renewal of the tgt by NiM do not work on Windows 7. It
>>> on XP.
>>> 2) Letting NiM fetch a new tgt when the user unlocks the screen do not
>>> work. It did on XP.
>> Windows 7 is not Windows XP, MS changed a lot based on security and us=
>> Read the OpenAFS release notes about obtaining tokens on login:
>> "Integrated Logon will not transfer Kerberos v5 tickets into the user's
>> logon session credential cache. This is no longer possible on Vista and
>> Windows 7."
> I thought the gotcha above was only true if UAC was turned on AND the
> user in question was an admin.
> "On Windows Vista, Windows 7, and Windows Server 2008 the operating
> system does not permit the importation of the Kerberos Ticket Granting
> Ticket if the active user account is a member of the Administrators or
> Domain Administrators groups and User Account Control (UAC) mode is
> Have you tried ticket importing as a non-admin user and/or with UAC
> off? It must still be configured in the NIM options, of course.
> Cheers, Stephen
This is not a UAC issue. This is related to the lack of a logon and
logoff event handler in Vista and beyond.