[OpenAFS] OpenAFS 1.7.3/Heimdal 1.5.1 64-bit Auto-login oddity

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 09 Dec 2011 16:53:57 -0500

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

There is no ability in Vista or Win7 for a ticket to be obtained during
the Network Provider logon and stored in the MIT API session credential
cache.   The explorer logon hook that was used in XP/2003 to do so no
longer exists.

My plan is to develop a new credential cache mechanism that relies
on the Authentication Groups that are now in kernel with the afs
redirector driver.

There is no funding for this project.

Jeffrey Altman

On 12/9/2011 4:28 PM, Billy Beaudoin wrote:
> I've got OpenAFS 1.7.3 x64, OpenAFS 1.7.3 x86 tools, Heimdal 1.5.2
> x64, and NIM 2.0 x64 installing via Group Policy on a 64-bit box.
> Specifying domain-specific cell/realm info for auto-login in the
> registry, and using dns for everything in the krb5.conf.  Everything
> works perfectly on login, I get tokens, browsing \\afs is a dream. But
> when I launch NIM or do a klist, the kerberos TGT and afs/ tickets
> aren't there (which makes renewal and other stuff not work), and there
> isn't an error in the NIM log or the Event log after turning on
> tracing.  If I get tickets via NIM, I get everything I'd expect. klist
> -d doesn't give me the same info that NIM does unless I specify the
> API cache using a klist -c.  So I know something is wrong with my
> configuration, its credential cache related, and hopefully obvious to
> someone else but I've been staring at it way too long.
> Billy Beaudoin
> ITECS Systems
> NC State University
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.9 (MingW32)