[OpenAFS-devel] RE: Windows 2000 Token authentication problems

Marc Dionne dionne@cs.wisc.edu
Wed, 12 Sep 2001 11:13:17 -0500


To throw in another data point, I'm also seeing the 1.1.1a afsd_service die in
a similar situation.  In our case, we don't use integrated logon, but we have a
custom GINA that uses many scripts from AFS, most of which run without having
any user logged in.  I haven't tried using 1.0.4 in a similar setup to see if
the problem existed in that version.  Our GINA does check that the service is
active before attempting to map a drive or use any files in AFS.

The AFS client itself seems to work fine once I manage to login and restart it,
and also works fine if I disable our GINA and use the default MS one.  This
same GINA has no problems with the IBM client; we use it extensively on
machines running versions 3.6-2.5 and 3.6-2.18 of the IBM client.

Marc Dionne

James Peterson wrote:

> This could be a problem with the changes made to integrated logon.   At
> least it certainly sounds like the solution could be found looking at this
> portion of the code.
>
> Did previous versions (before v1.0.4a) work?
>
> I would link to know if GINA is called before or after NPLogonNotify().
> Within NPLogonNotify procedure the AFSD_SERVICE is confirmed to be running
> and a suspend is done until the service is active.  The routine also makes
> a call to ka_UserAuthenticateGeneral().
>
> Because of the "suspend" code it seem possible that the service may not me
> running and something similar could be happing to GINA.   A thrown
> exception obtaining a mutex may be likely be a timing error.
>
> Maybe a timing pause in GINA code would help.
>
> James Peterson
> "Your response is appreciated."