OpenAFS CVS Commit: openafs/src/WINNT/afsd by jaltman

cvs@GRAND.CENTRAL.ORG cvs@GRAND.CENTRAL.ORG
Tue, 13 Jul 2004 02:22:53 EDT


Update of /cvs/openafs/src/WINNT/afsd
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-tree/src/WINNT/afsd

Modified Files:
	afsd_init.c 
Log Message:
DELTA ntlm-back-connection-hostnames-20040713
AUTHOR jaltman@mit.edu

Add function configureBackConnectionHostNames(void)

On Windows XP SP2, Windows 2003 SP1, and all future Windows operating systems       
there is a restriction on the use of SMB authentication on loopback connections.    
There are two work arounds available:                                               
                                                                                    
  (1) We can disable the check for matching host names.  This does not              
  require a reboot:                                                                 
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]                         
    "DisableLoopbackCheck"=dword:00000001                                           
                                                                                    
  (2) We can add the AFS SMB/CIFS service name to an approved list.  This           
  does require a reboot:                                                            
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]                  
    "BackConnectionHostNames"=multi-sz                                              
                                                                                    
The algorithm will be:                                                              
  Check to see if cm_NetbiosName exists in the BackConnectionHostNames list         
   If not, add it to the list.  (This will not take effect until the next reboot.)  
      and check to see if DisableLoopbackCheck is set.                              
      If not set, set the DisableLoopbackCheck value to 0x1                         
                  and create HKLM\SOFTWARE\OpenAFS\Client  UnsetDisableLoopbackCheck
   else If cm_NetbiosName exists in the BackConnectionHostNames list,               
      check for the UnsetDisableLoopbackCheck value.                                
      If set, set the DisableLoopbackCheck flag to 0x0                              
      and delete the UnsetDisableLoopbackCheck value                                




--- DELTA config follows ---
ntlm-back-connection-hostnames-20040713 openafs/src/WINNT/afsd/afsd_init.c 1.33 1.34