> I agree with you, I would like to see some xlock that renews kerberos > tickets also. I've yet to see a good design for this that isn't either vulnerable to the zanarotti attack, or needs xlock to be setuid root. I have seen implementations that combined both flaws :-)