[OpenAFS] OpenAFS 1.7.3/Heimdal 1.5.1 64-bit Auto-login oddity

Billy Beaudoin wrbeaudo@ncsu.edu
Wed, 14 Dec 2011 14:41:38 -0500

That would match with my experience on previous releases on the 1.5.x
series with KfW on 32-bit Win7.  Always had tickets in the credential
cache on 32-bit, but never on 64-bit.  I'm poking the 32-bit install
of 1.7.3/1.5.1 to add the Kerb4 .dlls back in and fix a couple other
GPO-related issues to make sure that it follows my previous
experiences as well, but haven't finished yet.

Billy Beaudoin
ITECS Systems
NC State University

On Wed, Dec 14, 2011 at 1:05 PM, Jeffrey Altman
<jaltman@secure-endpoints.com> wrote:
> On 12/14/2011 5:22 AM, Christopher Odenbach wrote:
>> Am 09.12.2011 22:53, schrieb Jeffrey Altman:
>>> There is no ability in Vista or Win7 for a ticket to be obtained
>>> during the Network Provider logon and stored in the MIT API session
>>> credential cache. The explorer logon hook that was used in
>>> XP/2003 to do so no longer exists.
>> This can only be true for 64 Bit Windows 7, because it is running on
>> our Windows 7 pool with 32 Bit machines. Logging into the machines
>> gets AFS token AND Kerberos ticket!
>> Christopher
> Are you sure the Kerberos ticket is not coming from the MSLSA ?