git.openafs.org Git - openafs.git/commit

windows-afslogon-20070328

There are two serious problems with integrated logon:

(1) openafs afslogon.dll obtains Kerberos v5 tickets and then forwards them
    into the logon session.  This was done because MIT KFW did not have
    such functionality.   As of KFW 3.1, KFW does, so we are removing it.

    the functionality worked by copying the credentials to a FILE ccache
    and then using the Logon Event Handler to move the credentials into
    an API ccache and delete the temporary file.  For non-interactive
    logons the Logon Event handlers do not get triggered.  Neither do
    LogonScripts get executed.  As a side effect, for each logon a
    credential cache file was left behind.

(2) when combined with non-interactive logons, there are some very bad
    side effects if a network provider performs Kerberos v5 operations.
    Each logon occurs in a new logon session and will spawn a private
    copy of krbcc32s.exe.

    As a result, integrated logon is being disabled for non-interactive
    logons.

author	Jeffrey Altman <jaltman@secure-endpoints.com>
	Wed, 28 Mar 2007 23:29:49 +0000 (23:29 +0000)
committer	Jeffrey Altman <jaltman@secure-endpoints.com>
	Wed, 28 Mar 2007 23:29:49 +0000 (23:29 +0000)
commit	934f76fb185ee5e162aee3bc9f5711079bbbca5b
tree	de0b249d57268b6a89c4e1579cd4de7ccfe18e74	tree \| snapshot
parent	60e5fc151ea0af4aa85a174ede774c949983962b	commit \| diff

src/WINNT/afsd/afslogon.c		diff \| blob \| history
src/WINNT/afsd/afslogon.h		diff \| blob \| history
src/WINNT/afsd/logon_ad.cpp		diff \| blob \| history
src/WINNT/install/NSIS/OpenAFS.nsi		diff \| blob \| history
src/WINNT/install/wix/files.wxi		diff \| blob \| history