[OpenAFS] Windows: Keep tokens in an AD environment

Christian chanlists@googlemail.com
Thu, 23 Feb 2023 14:43:54 +0100

Dear all,

we use openafs with computers joined to an AD. Upon login, users receive 
Kerberos tickets, and Network Identity Manager (NIM) will acquire tokens 
from that. Windows will make sure that the user has Kerberos tickets all 
the time, but at least in our environment, the AFS tokens expire after a 
day. Is there any way to have NIM monitor the afs tokens and get new 
tokens if the kerberos tickts have an expiry date beyond that of the AFS 
tokens? Or would one write a logon script that calls aklog every half 
hour? Thanks and best wishes,