> > On the kerbtray I can see a valid ticket (non-expired).
> > If the user locks the desktop (ctrl-alt-del) and unlocks it, it starts
> > working fine again.

The TGT is expiring. TGT tickets have a "cumulative ticket life" that
is limited by ticket renewal policy. When it expires the secret key is
required to get a new one (e.g. the password via ctrl-alt-del).

Look at the Renew Until field in kerbtray. Note that kerbtray does not
update automatically. You must close it and relaunch it for it to update
the information. I think you'll find that the Renew Until time is about
2 days.

By default Windows will lock the desktop after a short time of inactivity
so you're seeing this problem because you have somehow bypassed that
policy. Or you have been working for two days straight in which case
you have bigger problems than Kerberos ticket renewal policies - you
need a new employer ;-)

Mike

--
Michael B Allen
PHP Active Directory Kerberos SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
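The renewal behaviour described in the reply above, as an added sketch that is not part of the original message: each renewal extends the ticket by its original life but never past Renew Until, after which only the password helps. The function names, the 10 hour ticket life and the 8 hour renewal interval are assumptions chosen for illustration; the 2 day limit follows the estimate in the message.

```python
from datetime import datetime, timedelta

def renew(start, end, renew_till, now):
    """Return (new_start, new_end), or None if renewal would be refused.

    Refused when the ticket has already expired or its renew-till time
    has passed; a fresh TGT then needs the long-term key (the password).
    """
    if now >= end or now >= renew_till:
        return None
    life = end - start  # a renewed ticket keeps the old ticket's life
    return now, min(renew_till, now + life)

def simulate(auth_time, life, renewable_for, renew_times):
    """Apply renewal attempts in order; return (final_end, refused_at)."""
    start, end = auth_time, auth_time + life
    renew_till = auth_time + renewable_for
    for now in renew_times:
        result = renew(start, end, renew_till, now)
        if result is None:
            return end, now
        start, end = result
    return end, None

# Constructed sample values (assumptions, not taken from a real domain).
T0 = datetime(2024, 1, 1, 9, 0)   # time of the interactive logon
LIFE = timedelta(hours=10)        # life of each issued ticket
RENEWABLE_FOR = timedelta(days=2) # cumulative limit ("Renew Until")
ATTEMPTS = [T0 + timedelta(hours=8 * i) for i in range(1, 8)]

if __name__ == "__main__":
    end, refused = simulate(T0, LIFE, RENEWABLE_FOR, ATTEMPTS)
    print("ticket finally expires:", end)
    print("first refused renewal: ", refused)
```

With these values the last successful renewal is clamped to Renew Until, so the session stops working exactly two days after logon even though every earlier renewal succeeded.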
