-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2012-04-20 07:52, Anders Nordin wrote:
Ok,
Bear with me because I might not have formulated the questions
correctly, I'm mostly a Windows admin and not entirely up to speed
on the AFS/Kerberos lingo.
Environment:
Windows 7 x64
On Apr 20, 2012, at 9:35 AM, Lars Schimmer wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 2012-04-20 07:52, Anders Nordin wrote:
Ok,
Bear with me because I might not have formulated the questions
correctly, I'm mostly a Windows admin and not entirely up to speed
on the
On 04/20/2012 09:35 AM, Lars Schimmer wrote:
From memory, during our Windows XP days (different OS, different
OpenAFS, different Network Identity Manager, different MIT Kerberos
for Windows), just locking and unlocking the computer refreshed the
AFS ticket.
How has this changed for Windows 7
On 20.04.2012 12:53, Anders Magnusson wrote:
On 04/20/2012 09:35 AM, Lars Schimmer wrote:
From memory, during our Windows XP days (different OS, different
OpenAFS, different Network Identity Manager, different MIT Kerberos
for Windows), just locking and unlocking the computer refreshed the
On Fri, 20 Apr 2012, Lars Schimmer wrote:
The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7. It did
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not
work. It did on XP.
Windows 7 is not Windows XP, MS changed a lot based on security
On 04/20/2012 01:30 PM, Lars Schimmer wrote:
On 20.04.2012 12:53, Anders Magnusson wrote:
On 04/20/2012 09:35 AM, Lars Schimmer wrote:
From memory, during our Windows XP days (different OS, different
OpenAFS, different Network Identity Manager, different MIT Kerberos
for Windows), just
Anders:
If you configure the default credential cache to be MSLSA: then the LSA
credentials will be used.
The functionality (an explorer shell logon hook) that was used to copy
credentials at logon no longer exists on Vista and later versions of
the operating system. Since the functionality
On Friday, April 20, 2012 8:33:09 AM, Stephen Joyce wrote:
On Fri, 20 Apr 2012, Lars Schimmer wrote:
The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7. It
did
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not
work. It did on XP.
Thanks Jeffrey, now lot of things became clearer :-)
But to solve this incident; since automatic renew in NiM do not work
but kinit -R aklog does work for the API cache, we are planning to
add this to the Task Scheduler. Do you see any problem with doing it
like this?
-- Ragge
On 04/20/2012
Automatic renewal in NIM is used at many sites so I think you need
to figure out what tickets you have and what cache is being used.
kinit -R does exactly the same thing that NIM does.
Of course, I don't know why the configuration is set to renew when
there is 1 minute left.
You want to renew
Ok,
Bear with me because I might not have formulated the questions correctly, I'm
mostly a Windows admin and not entirely up to speed on the AFS/Kerberos lingo.
Environment:
Windows 7 x64 Enterprise
OpenAFS 1.7.1000 (64-bit)
Network Identity Manager 2.0.1.903
MIT Kerberos for Windows
11 matches
Mail list logo
