OpenAFS CVS Commit: openafs/src/WINNT/install/NSIS by jaltman

cvs@GRAND.CENTRAL.ORG cvs@GRAND.CENTRAL.ORG
Thu, 14 Apr 2005 01:46:44 EDT


Update of /cvs/openafs/src/WINNT/install/NSIS
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-1-3/src/WINNT/install/NSIS

Modified Files:
	OpenAFS.nsi 
Log Message:
DELTA windows-winlogon-logon-event-20050414
AUTHOR jaltman@secure-endpoints.com

 Apparently the problem with multi-domain forests with cross-
 realm trusts to non-Windows realms was not entirely solved.
 The authentication to the AFS SMB service failed because
 the wrong name was being used.  Using ASU as an example,
 the authentication was being performed with the name
 "QAAD\user" (an account in the forest root) and not
 "user@ASU.EDU (the MIT Kerberos principal used to login with)

 The solution was to add an additional dependency on KFW
 in order or to be able to easily obtain the client principal
 name stored in the MSLSA ccache TGT.  This information is
 used in two locations:

 - the pioctl() function

 - a new WinLogon Event Handler for the "logon" event.

 The pioctl function will now be able to use the correct
 name when calling WNetAddConnection2() and the "logon"
 event handler will now be able to call WNetAddConnection2().
 The hope is that the "logon" event handler will be called
 before the profile is loaded but I have not guarrantee
 that will happen.



--- DELTA config follows ---
windows-winlogon-logon-event-20050414 openafs/src/WINNT/install/NSIS/OpenAFS.nsi 1.76 1.77