Adam Megacz <[EMAIL PROTECTED]> writes: > Russ Allbery <[EMAIL PROTECTED]> writes:
>> Huh, interesting. I assume that the usage scenario here is that >> basically you want permanent AFS tokens for a user that you can still >> invalidate if you need to? > Oh, I hadn't thought of the invalidation aspect. Is there some easy way > to do this without that capability that I'm missing? Sure, increase the ticket lifetime to something incredibly high. I'm not sure what the maximum ticket lifetime is, but I know it's at least several weeks and I think more than that. The problem with just increasing the ticket lifetime is that you can't do anything about those issued tickets once they're out there until they expire. The advantage of forcing either a reauthentication or a renewal is that then you can deactivate the account and have that take effect within a reasonable amount of time. Another possibility would be to use a regular ticket lifetime but increase the maximum renewable lifetime to something like a year, and then just background a krenew process for users when they log in. Although you'd still have the problem of getting rid of it when they log out properly unless it was the parent of the shell. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info