[OpenAFS] AFS tokens when logging in on Windows clients
Wed, 15 Feb 2012 17:31:44 -0500
If "LogonOptions" is set to 0, there is nothing configured to obtain AFS
tokens. If tokens are obtained by Network Identity Manager, it will be
when Network Identity Manager performs an auto-renewal which is not at a
specific time. Obtaining AFS Tokens at logon time is performed by
winlogon.exe/mpnotify.exe when it calls the NPLogonNotify() function of
On 2/15/2012 5:18 PM, John Perkins wrote:
> We've found our Windows 7 systems are reliable about obtaining Kerberos
> tickets when users login at our site (all user accounts are
> authenticated against an MIT Kerberos KDC during login).
> Obtaining AFS tokens at the same time is not as reliable. Going into
> Network Identity Manager and renewing credentials typically will obtain
> tokens. Running aklog will obtain tokens. 90-95% of the time tokens
> are obtained. This is with
> set to "0".
> I'm experimenting with setting the LogonOptions setting to "1" to see if
> that clears up this issue. If having LogonOptions set to "1" is still
> necessary to reliably get AFS tokens generated at login time, I'm
> surprised we saw it work so often in the past with this registry key set
> to "0".
> Any other suggestions to ensure users receive AFS tokens at login time?