On Fri, 2008-11-07 at 04:36 -0800, Peter Eriksson wrote: > Ah. Found the reason why ktkt_warnd didn't renew the tickets. Apparently one > needs > to modify /etc/krb5/warn.conf since that feature by default seems to be > disabled... > > Changing the line: > > * terminal 30m > > to: > > * renew:log-failure terminal 30m > > works much better. Ok... That solves the ticket-autorefresh issue.
Ah, I didn't think of this. warn.conf on OpenSolaris uses "renew" by default. Glad you solved the problem :) > Though I still think that xscreensaver should handle a non-readable $HOME in > a better > way... It's not good to have screen locking program that will lock up > "forever" (from a > users point of view) if they are away longer than the 'refresh until' timeout. > (Say for example they are way on a vacation). Recently in OpenSolaris pam_krb5 was changed so that it will get a new TGT when stacked on the xscreensaver pam stack. This helps too as even if the renew timeout has been reached a new TGT will be fetched. It hasn't been backported yet to S10 though (probably will be soon). See http://bugs.opensolaris.org/view_bug.do?bug_id=6455225 for more details. -M
