[OpenAFS-win32-devel] Five questions on MSI and Heimdal
Jeffrey Altman
jaltman@columbia.edu
Fri, 23 Jul 2004 11:10:33 -0400
This is a cryptographically signed message in MIME format.
--------------ms000504020602080102070406
Content-Type: multipart/alternative;
boundary="------------090603020005050302030300"
This is a multi-part message in MIME format.
--------------090603020005050302030300
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Tommie Gannert wrote:
>>MSI and NSIS are both official. IS is dead.
>>
>>
>>
>
>Okay... So we have to equivalent ways of installing it. The only
>diffence being one is executable, the other requires MSI? Isn't that
>- ambiguous, or something?
>
>
>
You have two different ways of installing it. They are not equivalent.
Some organizations prefer MSIs so they can push installation out via
group policy.
Others are more comfortable modifying the NSIS scripts for their
installation.
>>You shouldn't be prompted for a password when accessing \\AFS\cell.
>>
>>
>
>Can it be because I'm logged in localy as Administrator, but
>accessing AFS as the network user?
>
>
>
what exactly does it mean to access AFS as the network user?
You are providing an alternative username to the SMB client to use when
establishing the
connection?
>And it wasn't the Cancel key, sorry. It was the OK button, but with
>user/password fields empty.
>
>
That means use the default account password and it is what should be
done automatically
for you.
What OS are you running on?
How are you authenticated to the OS? Local account? Kerberos 5
External Realm?
Smart card?
>Also, I get a ktc_SetToken() failure in KfW if I try to login without
>first accessing \\AFS, hitting OK in the password dialog.
>
>
That makes sense if you are not being authenticated to the SMB server
automatically
then the pioctl() call to set/get token will fail.
>>Although I don't recommend creating global mappings to cellnames.
>>
>>
>
>This confuses me. I should _not_ do a Global Drives->Add on Z: -> /afs/cell?
>Why are they called submounts? Where are the "mounts"?
>
>
On the global drives there is a "Description" field. That field is the
submount name.
What did you put there?
>>You should create a submount name
>>which maps to the cell and then global share the submount.
>>
>>
>
>Isn't that done implicitly when I do Global Drives->Add?
>Should I map the "share" via Windows Explorer?
>
>
This should be done for you when Global Drives->Add is used.
>(I could go on forever about things I don't understand in the Windows AFS GUI. :(
>It's probably most due to the SMB-architecture.)
>
>
No. Its because the UI sucks and needs to be completely re-written.
I just do not have time nor funding to make this happen.
--------------090603020005050302030300
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Tommie Gannert wrote:<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<blockquote type="cite">
<pre wrap="">MSI and NSIS are both official. IS is dead.
</pre>
</blockquote>
<pre wrap=""><!---->
Okay... So we have to equivalent ways of installing it. The only
diffence being one is executable, the other requires MSI? Isn't that
- ambiguous, or something?
</pre>
</blockquote>
You have two different ways of installing it. They are not equivalent.<br>
Some organizations prefer MSIs so they can push installation out via
group policy.<br>
Others are more comfortable modifying the NSIS scripts for their
installation.<br>
<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<blockquote type="cite">
<pre wrap="">You shouldn't be prompted for a password when accessing \\AFS\cell.
</pre>
</blockquote>
<pre wrap=""><!---->
Can it be because I'm logged in localy as Administrator, but
accessing AFS as the network user?
</pre>
</blockquote>
what exactly does it mean to access AFS as the network user?<br>
You are providing an alternative username to the SMB client to use when
establishing the<br>
connection?<br>
<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<pre wrap="">And it wasn't the Cancel key, sorry. It was the OK button, but with
user/password fields empty.
</pre>
</blockquote>
That means use the default account password and it is what should be
done automatically<br>
for you. <br>
<br>
What OS are you running on?<br>
<br>
How are you authenticated to the OS? Local account? Kerberos 5
External Realm?<br>
Smart card?<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<pre wrap="">
Also, I get a ktc_SetToken() failure in KfW if I try to login without
first accessing \\AFS, hitting OK in the password dialog.
</pre>
</blockquote>
That makes sense if you are not being authenticated to the SMB server
automatically<br>
then the pioctl() call to set/get token will fail.<br>
<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<blockquote type="cite">
<pre wrap="">Although I don't recommend creating global mappings to cellnames.
</pre>
</blockquote>
<pre wrap=""><!---->
This confuses me. I should _not_ do a Global Drives->Add on Z: -> /afs/cell?
Why are they called submounts? Where are the "mounts"?
</pre>
</blockquote>
On the global drives there is a "Description" field. That field is the
submount name.<br>
What did you put there?<br>
<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<blockquote type="cite">
<pre wrap="">You should create a submount name
which maps to the cell and then global share the submount.
</pre>
</blockquote>
<pre wrap=""><!---->
Isn't that done implicitly when I do Global Drives->Add?
Should I map the "share" via Windows Explorer?
</pre>
</blockquote>
This should be done for you when Global Drives->Add is used.<br>
<br>
<blockquote cite="midPine.GSO.4.58.0407231630210.20773@my.nada.kth.se"
type="cite">
<pre wrap="">(I could go on forever about things I don't understand in the Windows AFS GUI. :(
It's probably most due to the SMB-architecture.)
</pre>
</blockquote>
No. Its because the UI sucks and needs to be completely re-written. <br>
I just do not have time nor funding to make this happen.<br>
<br>
<br>
</body>
</html>
--------------090603020005050302030300--
--------------ms000504020602080102070406
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJPzCC
AvowggJjoAMCAQICAwxk8TANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNTI3MTc1ODU4WhcNMDUwNTI3MTc1ODU4
WjBrMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjEjMCEGCSqGSIb3DQEJARYUamFsdG1hbkBjb2x1bWJpYS5l
ZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc3JqO5AsZrozd+mJ2mPuCTYo2
+nJ9Qq6jtUYtp7YTMW4d2Q6GLhNaHb1l9m74SxuY4f5vP6JtZjr6p9+LCCxD0w0NVLKRgUDp
z+tKFitbkJe9BSCxCURRvY3vdWA71gSCUvZAN3346hHb4oGVqgdpmfFJXYAHWpC46wiL72N9
WxySzY17/0eU0c8+r9dNoLpPQeL43O66O80jCl1qnXMaXaakZPsfm+5W90MYXhpQ1WIQpv02
lBn3BH5YE8xwbsNrw5AF4v7pjMuW85GI6FrDmfbpJX473Rpl5rmv3TpXkJ+7UsIIO1puyS8r
1o7kjDZ5EUYJxxglTGR6XL/RNzqHAgMBAAGjMTAvMB8GA1UdEQQYMBaBFGphbHRtYW5AY29s
dW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAZYeVFCMP0iV+UVa0
eFoXkzMVl61CNAVY2YQ9/QQazO3G4qNiif35ArrnjPRDRj5M7WTeOCFqPVuvCttyJRiDKsEe
L4Yah22mRA3mR7x52j2FquPYZ9qCr1IhrNGzsMk+gopX5G0fTHZb6+uDu5SeMPNNcIznGA7M
CMpXAJ2PcKgwggL6MIICY6ADAgECAgMMZPEwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDUyNzE3NTg1OFoXDTA1
MDUyNzE3NTg1OFowazEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMx
HDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xIzAhBgkqhkiG9w0BCQEWFGphbHRtYW5A
Y29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NyajuQLGa6M
3fpidpj7gk2KNvpyfUKuo7VGLae2EzFuHdkOhi4TWh29ZfZu+EsbmOH+bz+ibWY6+qffiwgs
Q9MNDVSykYFA6c/rShYrW5CXvQUgsQlEUb2N73VgO9YEglL2QDd9+OoR2+KBlaoHaZnxSV2A
B1qQuOsIi+9jfVscks2Ne/9HlNHPPq/XTaC6T0Hi+NzuujvNIwpdap1zGl2mpGT7H5vuVvdD
GF4aUNViEKb9NpQZ9wR+WBPMcG7Da8OQBeL+6YzLlvORiOhaw5n26SV+O90aZea5r906V5Cf
u1LCCDtabskvK9aO5Iw2eRFGCccYJUxkely/0Tc6hwIDAQABozEwLzAfBgNVHREEGDAWgRRq
YWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAGWH
lRQjD9IlflFWtHhaF5MzFZetQjQFWNmEPf0EGsztxuKjYon9+QK654z0Q0Y+TO1k3jghaj1b
rwrbciUYgyrBHi+GGodtpkQN5ke8edo9harj2Gfagq9SIazRs7DJPoKKV+RtH0x2W+vrg7uU
njDzTXCM5xgOzAjKVwCdj3CoMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENB
MSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcx
NzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0
ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnK
mVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8
YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5j
cmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwy
LTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4
Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowg
T2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAzswggM3AgEB
MGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMZPEw
CQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMDQwNzIzMTUxMDMzWjAjBgkqhkiG9w0BCQQxFgQUdQRGbq3T0NtpW4D2yhuThIaYQFYw
UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAEMWswaTBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxk8TB6BgsqhkiG9w0B
CRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB
AgMMZPEwDQYJKoZIhvcNAQEBBQAEggEAiParSXwr9Pd/kNqGWd8kVHaTUl542aAPoJz0acDf
vsxLa2SLk8XP5gTZ9idyG+ejaghI+YKsq2RPVQqQZ5QSL87TVxpCgPSb/GCB6ZrWtjW3EM9B
VnpzOdjbHw/VCx5UWe441sGQ/Pcw3hriyOVOaHY4lCwIvN/YDBmU43oSEV9Y1itOM4VS5Xmx
5KAyRubWAiL9JDrDT8QbeCaNJ+J9Qg6mgOgBOQdmwOgJ+wbmmurDoS/7BX+aOPZB4dkD3igk
ilQl9P86beez38+WEoX5FDM0DGF4RTmprzhABJw9gAgpRDRhEV6L/F4x0wBHdjbKZg2HTHWh
G/UVwR0X7gwhcgAAAAAAAA==
--------------ms000504020602080102070406--