OpenAFS CVS Commit: openafs/src/WINNT/install/NSIS by jaltman

[cvs@GRAND.CENTRAL.ORG]

Update of /cvs/openafs/src/WINNT/install/NSIS
In directory GRAND.CENTRAL.ORG:/home/jaltman/openafs/cvs-1-5/src/WINNT/install/NSIS

Modified Files:
      Tag: openafs-devel-1_5_x
	OpenAFS.nsi 
Log Message:
DELTA DEVEL15-windows-afslogon-20070328
AUTHOR jaltman@secure-endpoints.com

There are two serious problems with integrated logon:

(1) openafs afslogon.dll obtains Kerberos v5 tickets and then forwards them
    into the logon session.  This was done because MIT KFW did not have
    such functionality.   As of KFW 3.1, KFW does, so we are removing it.

    the functionality worked by copying the credentials to a FILE ccache
    and then using the Logon Event Handler to move the credentials into
    an API ccache and delete the temporary file.  For non-interactive
    logons the Logon Event handlers do not get triggered.  Neither do
    LogonScripts get executed.  As a side effect, for each logon a
    credential cache file was left behind.

(2) when combined with non-interactive logons, there are some very bad
    side effects if a network provider performs Kerberos v5 operations.
    Each logon occurs in a new logon session and will spawn a private
    copy of krbcc32s.exe.

    As a result, integrated logon is being disabled for non-interactive
    logons.


--- DELTA config for openafs-devel-1_5_x follows ---
DEVEL15-windows-afslogon-20070328 openafs/src/WINNT/install/NSIS/OpenAFS.nsi 1.88.4.8 1.88.4.9