[OpenAFS-devel] RE: Information on Windows 2k Integrated Logon
Cameron, Frank
cameron@ctc.com
Fri, 7 Sep 2001 19:18:22 -0400
> First - what is your interest in this area? Curiosity?
> Burning desire to
> improve AFS? Adding new features?
> That is; how can I support you in a better way?
Mostly curiosity; what finally prompted me to ask was my
attempts to build a Samba gateway that provides a usable,
light alternative AFS client. I have something that is
mostly workable except to automatically obtain the tokens
(not really a big deal to me personally, but a big
internal politics thing). I certainly did not want to
explore a custom GINA (and can't from a political
standpoint).
> Basically the service is notified when a logon event happens
> via call back:
> NPLogonNotify
> Located in \winnt\afsd\afslogon.c: NPLogonNotify().
> Within this procedure a call is made to
> ka_UserAuthenticateGeneral() to
> obtain a token. The token is gotten via an RPC call.
So basically:
- a network provider is registered
- a callback for NPLogonNotify to afslogon.dll is setup
- the username and password are passed into afslogon.dll
- a token is grabbed
Two things that occur to me:
I notice a similar function NPPasswordChangeNotify that
just returns 0. So, someday users can change their NT
passwords and keep their AFS passwords in sync?
NPLogonNotify supports returning a logon script name. So,
it is possible to have AFS logon scripts?
Thank-you very much. This has been very enlightening.
-frank