[OpenAFS] Questions regarding AFS ticket lifetime
Fri, 20 Apr 2012 16:25:55 +0200
Thanks Jeffrey, now lot of things became clearer :-)
But to solve this incident; since automatic renew in NiM do not work
but kinit -R && aklog does work for the API cache, we are planning to
add this to the Task Scheduler. Do you see any problem with doing it
On 04/20/2012 03:40 PM, Jeffrey Altman wrote:
> If you configure the default credential cache to be MSLSA: then the LSA
> credentials will be used.
> The functionality (an explorer shell logon hook) that was used to copy
> credentials at logon no longer exists on Vista and later versions of
> the operating system. Since the functionality does not exist, the
> functions exported from kfwlogon.dll do not get executed and no
> Kerberos tickets can be copied in to the API: credential cache.
> I have plans to build a new in kernel credential cache mechanism using
> the AFS Authentication Groups available in the 1.7.x series. I have no
> available resources at the moment to implement it and I can't make a
> commitment as to when I will.
> At the moment afslogon.dll will obtain a new AFS token at logon, but it
> will not be renewable.
> Jeffrey Altman
> On Friday, April 20, 2012 9:25:13 AM, Anders Magnusson wrote:
>> Yes, I have seen that, but that do not explain the behaviour since I
>> have no wish to fetch thingd from MSLSA.
>> Integrated logon works, but fetching new krbtgt at unlock of the login
>> window does not.
>> And BTW, importing tickets from MSLSA to API seems to work (pressing
>> import button).
>> -- Ragge