[OpenAFS-devel] RE: Information on Windows 2k Integrated Logon

Cameron, Frank cameron@ctc.com
Fri, 7 Sep 2001 19:18:22 -0400


> First - what is your interest in this area?  Curiosity?  Burning desire to
> improve AFS? Adding new features?
> That is; how can I support you in a better way?

Mostly curiosity; what finally prompted me to ask was my
attempts to build a Samba gateway that provides a usable,
light alternative AFS client.  I have something that is
mostly workable except to automatically obtain the tokens
(not really a big deal to me personally, but a big
internal politics thing).  I certainly did not want to
explore a custom GINA (and can't from a political
standpoint).

> Basically the service is notified when a logon event happens via call back:
> NPLogonNotify
> Located in \winnt\afsd\afslogon.c: NPLogonNotify().
> Within this procedure a call is made to ka_UserAuthenticateGeneral() to
> obtain a token.  The token is gotten via an RPC call.

So basically:
 - a network provider is registered
 - a callback for NPLogonNotify to afslogon.dll is set up
   - the username and password are passed into afslogon.dll
   - a token is grabbed

Two things that occur to me:

I notice a similar function NPPasswordChangeNotify that
just returns 0.  So, someday users can change their NT
passwords and keep their AFS passwords in sync?

NPLogonNotify supports returning a logon script name. So,
it is possible to have AFS logon scripts?

Thank you very much.  This has been very enlightening.

-frank
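
Added example, not part of the original message or of OpenAFS: since the provider DLL behind the NPLogonNotify callback is passed the username and password, an administrator may want to list which network providers are registered on a host and which DLL backs each one. The registry locations are the standard Windows ones and do not come from this thread; the script assumes a Windows host with PowerShell and read access to HKLM.

```powershell
# Added example: enumerate registered network providers and the DLL behind each.
# Registry locations are the standard Windows ones, not values from this thread.
$orderKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$order    = (Get-ItemProperty -Path $orderKey -Name ProviderOrder).ProviderOrder

# ProviderOrder is a comma-separated list of service names.
$names = $order -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($name in $names) {
    $npKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\NetworkProvider"
    $np    = Get-ItemProperty -Path $npKey -ErrorAction SilentlyContinue

    # Defaults cover a provider that is listed in the order but has no usable key.
    $row = [ordered]@{
        Provider  = $name
        DllPath   = $null
        Exists    = $false
        Signature = 'NotChecked'
        Signer    = $null
    }

    if ($np -and $np.ProviderPath) {
        # Expand %SystemRoot% and similar in case the value was stored unexpanded.
        $row.DllPath = [Environment]::ExpandEnvironmentVariables($np.ProviderPath)
        $row.Exists  = Test-Path -LiteralPath $row.DllPath -PathType Leaf
        if ($row.Exists) {
            $sig = Get-AuthenticodeSignature -LiteralPath $row.DllPath
            $row.Signature = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize -Wrap

# Entries worth a manual look: missing DLL, or a signature that did not verify.
$report |
    Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    ForEach-Object { Write-Warning "Review provider '$($_.Provider)': $($_.DllPath) [$($_.Signature)]" }
```

A warning here is a prompt to review, not a verdict; compare the output against a known-good baseline for the same build.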