OpenAFS CVS Commit: openafs/src/WINNT/install/NSIS by jaltman
Wed, 28 Mar 2007 18:30:46 EDT
Update of /cvs/openafs/src/WINNT/install/NSIS
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-1-5/src/WINNT/install/NSIS
There are two serious problems with integrated logon:
(1) openafs afslogon.dll obtains Kerberos v5 tickets and then forwards them
into the logon session. This was done because MIT KFW did not have
such functionality. As of KFW 3.1, KFW does, so we are removing it.
the functionality worked by copying the credentials to a FILE ccache
and then using the Logon Event Handler to move the credentials into
an API ccache and delete the temporary file. For non-interactive
logons the Logon Event handlers do not get triggered. Neither do
LogonScripts get executed. As a side effect, for each logon a
credential cache file was left behind.
(2) when combined with non-interactive logons, there are some very bad
side effects if a network provider performs Kerberos v5 operations.
Each logon occurs in a new logon session and will spawn a private
copy of krbcc32s.exe.
As a result, integrated logon is being disabled for non-interactive
--- DELTA config for openafs-devel-1_5_x follows ---
DEVEL15-windows-afslogon-20070328 openafs/src/WINNT/install/NSIS/OpenAFS.nsi 18.104.22.168 22.214.171.124