→Security and Encryption: update with info about icons
"Server authentication" is enabled. While we're not really sure how it works, it theoretically makes the connection process less vulnerable to a man-in-the-middle attack. Even if it doesn't actually help, turning it on doesn't degrade performance, and connecting DTUs show a green check instead of a red X, which is more reassuring for users to see.
Only authorized and registered DTUs and smart cards can connect to the TJ Sun Ray network. Starting with the next release of Sun Ray Software (currently in beta testing), "client authentication" is available and is enabled by default.
By secure design, Kerberos tickets and AFS tokens always expire after a set amount of time, usually less than one day from when they were obtained or renewed. This may cause issues for users that do not log out at the end of the day. Without valid non-expired AFS tokens, you cannot read or write your own home directory, which will effectively end up dead-locking your session, requiring it to be hard terminated. To avoid this, users will need to do at least one of the following: