[OpenAFS] AFS tokens when logging in on Windows clients
Jeffrey Altman
jaltman@your-file-system.com
Wed, 15 Feb 2012 17:31:44 -0500
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig60D00AEB0FFA222321D3AC85
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
If "LogonOptions" is set to 0, there is nothing configured to obtain AFS
tokens. If tokens are obtained by Network Identity Manager, it will be
when Network Identity Manager performs an auto-renewal which is not at a
specific time. Obtaining AFS Tokens at logon time is performed by
winlogon.exe/mpnotify.exe when it calls the NPLogonNotify() function of
the afslogon.dll.
Jeffrey Altman
On 2/15/2012 5:18 PM, John Perkins wrote:
> We've found our Windows 7 systems are reliable about obtaining kerberos=
> tickets when users login at our site (all user accounts are
> authenticated against an MIT kerberos KDC during login).
>=20
> Obtaining AFS tokens at the same time is not as reliable. Going into
> Network Identity Manager and renewing credentials typically will obtain=
> tokens. Running aklog will obtain tokens. 90-95% of the time tokens
> are obtained. This is with
> HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvide=
r\LogonOptions
> set to "0".
>=20
> I'm experimenting with setting the LogonOptions setting to "1" to see i=
f
> that clears up this issue. If having LogonOptions set to "1" is still
> necessary to reliably get AFS tokens generated at login time, I'm
> surprised we saw it work so often in the past with this registry key se=
t
> to "0".
>=20
> Any other suggestions to ensure users receive AFS tokens at login time?=
>=20
> John
>=20
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--------------enig60D00AEB0FFA222321D3AC85
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJPPDJSAAoJENxm1CNJffh4vJEH/0nbl7KCMJGXkc51C6oQ5+eX
LHgV9bT2RSxyEly5HvgPGqQzyjxCF3u3fb/Bo/DCmHq0DBtE51rd8EKpCFN0m6Xq
v/ydFrQx6SYaCUP9eKJ51D/L9FiUMVkSAez8W66s1vbNXVbbv04nCzFQd8Et6pHr
cEaXmt9k8OoRces+xRU2HzIqJtSsPj1UKW/qHGNc9nT/RO4KL28bN58gNz80vDYq
ur8IsWa125pG+EqcQcPENUoy4gwVHIg9gRTfT3rlmj8JrvadNSPBPtP4qkJzh6Oy
ribo0p+zonb/vqCAn5kKNrFYRe9XykfNOALmruwOaQHO6Iyynh6Iq7caRMlHhfM=
=46wH
-----END PGP SIGNATURE-----
--------------enig60D00AEB0FFA222321D3AC85--