[OpenAFS] Integrated login in 1.7.x

Thomas Smith theitsmith@gmail.com
Mon, 19 Mar 2012 08:40:13 -0700


Hi,

The 1.7 series clients seem to work well on both Windows XP and Windows =
7 but there's been one significant difference from the 1.5 series that =
we're hoping to upgrade from (we're just testing the 1.7 series now).

The problem is that NIM is unable to secure credentials without =
prompting for a password--is this normal? This also happens at login =
(with integrated login enabled) or when opening NIM for the first time =
after boot (with integrated login disabled).

Our environment is AD-integrated and all AD logins match those in AFS =
and every user logs into to their computers, as well as AFS, using their =
AD credentials. In the 1.5 series client, AFS authentication was =
automatic at login.

I've also noticed that the Kerberos credentials don't auto-renew as I =
would expect. NIM is configured to auto-renew credentials--but =
credentials expire after 10 hours and then the user is required to take =
action to renew them.

Am I doing something wrong here?

In 1.5, we're using the following:

    OpenAFS 1.5.78
    KfW 3.2.2
    NIM 2.0.102.907

In 1.7, we're using the following:

    OpenAFS 1.7.8
    Heimdal 1.5.100.930
    NIM 2.0.102.907

Any help would be appreciated!

~ Tom=