[Thinlinc-technical] Kerberos ticket refresh/netapp remount issues
Kevin Kwan
kkwan at worldfinancialdesk.com
Wed Oct 30 13:37:13 CET 2013
Well, thanks for responding -
Upon further testing I noticed 2 other things:
A) the tickets actually do extend on if you kinit after login -
B) for some reason, if you do df -h . immediately after login it would show
the NFS mounted home directory as - in other words, it was as if thinlinc
is not aware that the homedir is mounted on NFS and does not request a
service ticket from the NFS mountpoint. However, other service tickets are
generated on request (host tickets for logins, HTTP tickets for sites using
mod-auth-ken in apache) and listed...just not the NFS mount.
On Oct 30, 2013 8:25 AM, "Darrel Hankerson" <hankedr at auburn.edu> wrote:
> "Kevin Kwan (Work)" writes:
>
> [kerberos on Debian] I also do not see session reconnects refresh the
> initial TGT (extend the expiration time).
>
> I don't think this is thinlinc-specific unless you mean that thinlinc
> should auto renew/refresh. I've seen several sites that teach users to
> do their own renew/refresh, although this assumes some sophistication on
> the user side.
>
> There are tools that can help. Winbind (when calling MS-Windows KDC)
> can be configured to automate. This needs extra help if users expect
> jobs to run after logout. We are not using kstart, but it is part of
> Debian and is designed to help automate.
>
> We run a daemon that does renew/refresh for users. If you require only
> renew, then things are easy.
>
> --
> Darrel Hankerson
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20131030/9800f257/attachment-0007.html>
More information about the Thinlinc-technical
mailing list