[OpenAFS] tokens for long processes

Matthew Cocker matt@cs.auckland.ac.nz
Sun, 12 Feb 2034 21:25:26 +1300


Hi

As I have mentioned in the list recently we are moving OpenAFS into full
production in our department. Unfortunately we still have loads of issues to
sort out, including how to keep long running processes that write to a users
home directory in AFS space happy. We are running a MIT Krb5/Openafs cell
with the max ticket life set to 10 hrs (I can't seem to make it any longer
than that so is that the maximum allowed by MIT krb5?). Unfortuantely we
routinely have users with processes which run for months. What methods have
others afs cells used to keep such processes happy. We have considered
writing a script that gets called by cron maybe using a keytab file, or
maybe just do a ticket renewal then rerun aklog. Is there a better way? I
have seen lots written about reauth, is that a solution?

Likewise has anyone found a solution for windows desktops that need long
term access to a home directory in afs? Has anyone written a screen saver
for windows that when unlocked renews afs tokens?

Thanks in advance for any help

Cheers

Matthew Cocker,
Computer Science Department
The University of Auckland