[OpenAFS] OpenAFS 1.7.3/Heimdal 1.5.1 64-bit Auto-login oddity

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 09 Dec 2011 16:53:57 -0500



There is no ability in Vista or Win7 for a ticket to be obtained during
the Network Provider logon and stored in the MIT API session credential
cache. The explorer logon hook that was used in XP/2003 to do so no
longer exists.

My plan is to develop a new credential cache mechanism that relies
on the Authentication Groups that are now in kernel with the afs
redirector driver.

There is no funding for this project.

Jeffrey Altman


On 12/9/2011 4:28 PM, Billy Beaudoin wrote:
> I've got OpenAFS 1.7.3 x64, OpenAFS 1.7.3 x86 tools, Heimdal 1.5.2
> x64, and NIM 2.0 x64 installing via Group Policy on a 64-bit box.
> Specifying domain-specific cell/realm info for auto-login in the
> registry, and using DNS for everything in the krb5.conf.  Everything
> works perfectly on login, I get tokens, browsing \\afs is a dream. But
> when I launch NIM or do a klist, the Kerberos TGT and afs/ tickets
> aren't there (which makes renewal and other stuff not work), and there
> isn't an error in the NIM log or the Event log after turning on
> tracing.  If I get tickets via NIM, I get everything I'd expect. klist
> -d doesn't give me the same info that NIM does unless I specify the
> API cache using a klist -c.  So I know something is wrong with my
> configuration, it's credential cache related, and hopefully obvious to
> someone else but I've been staring at it way too long.
> Billy Beaudoin
> ITECS Systems
> NC State University

