+Since 1.3.65:
+ * Added a new registry value [HKCU\SOFTWARE\OpenAFS\Client]
+ "Authentication Cell" which may be used to specify a default
+ authentication cell for afscreds.exe which is different from
+ the default cell for the AFS Client Service daemon.
+
+ * Added a Logoff WinLogon Event Notification function to afslogon.dll.
+ afslogon.dll moved to %WINDIR%\System32\.
+ New registry entries added to register the dll for Winlogon events.
+
+ The logoff event will now force a call to ktc_ForgetAllTokens()
+ using the context of the user being logged off.
+
+ Need to double check that this code does not prevent profile data
+ from being written back to an afs volume
+
+ * Windows XP SP2 Internet Connection Firewall interoperability
+ has been added.
+
+ * The %WINDIR%\afsdsbmt.ini contains four sections:
+ Submounts, Drive Mappings, Active Maps and CSC Policies.
+ The Submounts and CSC policies are now stored in the registry under
+ [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+ [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+ The Drive Mappings and Active Maps are stored in the registry under
+ [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+ [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+
+ There is no automatic migration of this data as it would be impossible
+ to consistently migrate data to user profiles which may not be active
+ when the machine is updated.
+
+ * The %WINDIR%\afs_freelance.ini contains lists of mountpoints for the
+ fake root.afs volume. For the same reasons as for the cellservdb file,
+ this information should not be in %WINDIR%. This information is now
+ kept under the registry key
+ [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+
+ The data from the afs_freelance.ini file will be automatically
+ migrated to the registry on first execution of afsd_service.exe
+
+ * Keeping the CellServDB file in the location %WINDIR%\afsdcell.ini is
+ troublesome for several reasons. One, it is confusing for those who
+ expect the file to be named "CellServDB" instead of "afsdcell.ini".
+ Two, this file is not a Windows Profile formatted file. Three,
+ applications should not be reading or writing to %WINDIR%. It causes
+ problems for Windows Terminal Server.
+
+ The new location of CellServDB will be the OpenAFS Client install
+ directory which is by default C:\Program Files\OpenAFS\Client and can
+ be determined by querying the registry for
+ [HKLM\SOFTWARE\TransarcCorporation\AFS Client\CurrentVersion]PathName
+
+ The existing afsdcell.ini will be migrated by the NSIS installer.
+ The Wix installer must still be updated to do the same.
+
+ * Change NSIS installer to use DNS by default; to remove Integrated Logon
+ High Security mode; and to add Terminal Services compatibility registry
+ entries to allow the OpenAFS tools to find the afsdcell.ini and other
+ configuration files in %WINDIR%.
+
+ * Add support for authenticated SMB connections. This will remove
+ the need for high security mode in most situations. Both NTLM
+ and Extended Security (GSS SPNEGO) modes are supported. Effectively,
+ only NTLM can be used even though Kerberos is now supported. The
+ reason is that it is not possible to construct a service principal
+ which is unique to each individual machine.
+
+ SMB Extended Auth does not work on XP SP2 unless one of two registry
+ modifications are made:
+
+ (1) To disable the check for matching host names on loopback connections
+ set this key. This does not require a reboot:
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+ "DisableLoopbackCheck"=dword:00000001
+
+ (2) To add the AFS SMB/CIFS service name to an approved list. This
+ does require a reboot:
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
+ "BackConnectionHostNames"=multi-sz "AFS" "MACHINE-AFS"
+
+ afsd_service.exe will automatically add the current Netbios Name
+ to the BackConnectionHostNames list and then temporarily disable
+ the loopback check for one cycle of startup/shutdown of the service.
+ We assume most folks do not start/stop without a reboot so this
+ will be adequate in most cases.
+
+ * Fix security hole in afslogon.dll which allowed passwords to be
+ sent in clear text to the KDC in a misformed principal name.
+
+ * Fix cm_GetCell() to properly handle expired dns entries
+ without crashing
+
+ * If Freelance mode is active and the afs_freelance.ini
+ file does not exist, do not create an empty file.
+ Instead create a file containing ro and rw mountpoints
+ to the default cell using the standard conventions.
+
+ * Modify the Freelance support to handle the ability
+ to create rw mount points in the fake root.afs volume.
+
+ * Changed the RPC mechanism used for token setting from
+ named pipes to local. Use of named pipes can be restored
+ by setting the environment variable AFS_RPC_PROTSEQ to
+ "ncacn_np".
+
+ Named pipes were required when a Windows 9x system was
+ using a NT system in gateway mode which is incompatible
+ with our use of local loopback adapters.
+
+ * In afscreds.exe, if a username of the form user@REALM is
+ specified and no password is specified, do not perform a
+ kinit operation. Only perform the aklog functionality.
+
+ * Add a new registry value which allows the number of processors
+ on which afsd_service.exe executes to be restricted. Valid
+ values are 1..numOfProcessors
+
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAfsDaemon\Parameters
+ (DWORD) MaxCPUs
+
+Since 1.3.64:
+ * A second MSI based installer option is now available.
+
+ * Fixed Kerberos 5 kinit functionality in afscreds.exe to properly
+ request tickets for user/instance@REALM instead of just user@REALM
+
+ * Modify the Power Management Notify routine to wait for the Hard Dead
+ timeout period instead of a fixed 19 seconds. With the longer timeout
+ periods Hibernation and Standby could never succeed when network
+ connectivity is not available.
+
+ * The following fs.exe commands are now restricted to Administrator:
+ - checkservers with a non-zero timer value
+ - setcachesize
+ - newcell
+ - sysname with a new sysname list
+ - exportafs
+ - setcell
+ - setserverprefs
+ - storebehind
+ - setcrypt
+ - cscpolicy
+ - trace
+
+ setting the default sysname for a machine should be done via the
+ registry and not via "fs sysname".
+
+ * NSIS installer adds options to install Debugging Symbols
+ and the Microsoft Loopback Adapter; the user is now also
+ given the ability to select the afscreds.exe startup options.
+
+ * Build system modified to generate symbols for FREE (aka RELEASE)
+ builds as well as CHECKED (aka DEBUG) builds
+
+ * Sites which have a volume ID of 0x20000001 assigned to their
+ root.afs volumes have been experiencing problems with accessing
+ the root.afs volume of their cell when Freelance mode has been
+ active. This was because 0x20000001 was assigned to the fake
+ root.afs volume created by freelance. The fake volume id is
+ now set to 0x00000001 to prevent conflicts.
+
+ * The timeout logic in the AFS Client Service has been wrong
+ for sometime. It is based on two different assumptions.
+ First, the SMB client timeout is a fix value as was the case
+ with OS/2 Lan Manager. This assumption is incorrect. The
+ SMB timeout in Windows is a dynamic value computed based upon
+ a fixed minimum timeout to which is added time based upon the
+ size of the request and the performance characteristics of
+ the connection. Second, it is the responsibility of the
+ SMB Server to enforce the timeout requirements of the client.
+ This is untrue. The SMB Server cannot be expected to know
+ the requirements of the client. More importantly, if the
+ SMB server uses the SMB client timeout as a value to restrict
+ its behavior as an RX client, the performance characteristics
+ of the local SMB session would be used to prematurely terminate
+ WAN connections with significantly different performance
+ characteristics.
+
+ The timeout logic has therefore been modified in the following
+ manner:
+ . the Lan Manager Workstation (SMB) Session Timeout is used only
+ as a basis for configuring the Connection Dead Timeout
+ and Hard Dead Timeout values. The Connection Dead Timeout
+ must be at least 15 seconds longer than the SMB Timeout
+ and the Hard Dead Timeout must be at least double the
+ Connection Dead Timeout.
+ . New registry entries have been added to allow the Connection
+ Dead Timeout and Hard Dead Timeout values independent of the
+ Lan Manager Workstation Session Timeout
+ . The test to enforce the SMB Client Timeout has been removed.
+
+ One of the side-effects of removing the enforcement of the SMB
+ Client Timeout is that regardless of whether or not the SMB client
+ is available to receive the response (and how would the SMB server
+ know) the RX protocol response can be used to update the AFS
+ Client Service state for ready access by future SMB client
+ requests.
+
+ This should be the end of the "Server paused or restarting messages"
+
+ * Fix "fs mkmount" command to work with UNC paths and when
+ started from non-AFS drives
+
+ * Add support for arbitrary UNC paths to the pioctl() support.
+ This enables the fs commands as well as the AFS Shell Extension
+ to work correctly when UNC paths are being used.
+
+ * Fix afscreds.exe (by updating afskfw.lib) to search for cells via
+ DNS if the cell configuration cannot be determined via CellServDB
+
+ * Add debug info to test whether CM_BUF_WAITING or CM_SCACHE_WAITING
+ are ever set more than once at a time
+
+ * Fix the management of lists of cm_cell_t structures when using
+ DNS to lookup cell information. The previous code would fail to
+ reuse the same cellID for a cell if DNS was used more than once
+ for a given cell name. When the ttl expired, a single cm_cell_t
+ could be inserted into the cm_allCellsp list more than once
+ producing a loop. In addition, the vlServerp list belonging to
+ the cell was not freed resulting in improper refCounting of the
+ servers.
+
+ * Add DNS support to cm_IoctlNewCell() which previous only examined
+ the CellServDB file
+
+ * Add cm_FreeServer() function and call it from cm_FreeServerList()
+ to properly garbage collect cm_server_t objects
+
+ * Add numVCs variable to smb.c to track the number of smb_vc_t
+ objects created and use it to initialize the vcID field which
+ previously was set to 0 in all objects resulting in FindByID
+ collisions.
+
+ * Fixed DNS lookups to work consistently throughout the OpenAFS
+ product instead of just from within the afsd_service.exe
+
+ * Added a runtime check to ensure that AFS Client Service SMB
+ Server is accepting connections before attempting to mount
+ global drives.
+
+ * Read IP addresses for volume servers out of the CellServDB
+ file if gethostbyname() on the hostname fails.
+
+ * Fix getcellconfig() to populate both the Hostnames as well
+ as IP addresses when loading cell data via DNS
+
+ * Increase the Connection Dead Time to 50 from 20 seconds
+ Increase the Hard Dead Time to 120 from 40 seconds
+ (matches the Unix values)
+
+ * Fixed an assertion validating the number of allocated NCBs
+
+ * Fixed the build environment to consistently build for
+ Windows 2000 and above. (APPVER = 5.0)
+
+ * Fixed rx_debug to properly validate the receipt in incoming
+ data with select() and recvfrom(). Do not copy data out of
+ the socket buffer unless success is indicated.
+
Since 1.3.63:
* afsd_service.exe will now display a message box to the
desktop when it terminates due to an IP Address Change.