[OpenAFS-win32-devel] Five questions on MSI and Heimdal

Jeffrey Altman jaltman@columbia.edu
Fri, 23 Jul 2004 11:51:06 -0400


Tommie Gannert wrote:

>>>Can it be because I'm logged in locally as Administrator, but
>>>accessing AFS as the network user?
>>
>>What exactly does it mean to access AFS as the network user?
>
>I just meant that I don't have an AFS user named "Administrator". And
>that I have to Leash32 tokens (as a different user) after Windows login.

OK.  "Network user" in Windows has a different meaning.
You can have as many tokens obtained by as many Kerberos principals as
you would like.  They have nothing at all to do with the local Windows
CIFS client authenticating to the AFS Client Service SMB/CIFS Server.

>Windows 2000 Pro SP4 (Swe)

I will try to do some more testing on 2000.  I don't have a Swedish
version installed though.

>>How are you authenticated to the OS?  Local account?  Kerberos 5
>>External Realm?
>>Smart card?
>
>Local account using password. I have Windows ksetup in a Kerberos5
>Heimdal realm, but I'm not using that (yet) for login.

Can you send me the %WINDIR%\TEMP\afsd_init.log file?

>>No.  It's because the UI sucks and needs to be completely re-written.
>>I just do not have time nor funding to make this happen.
>
>Enlighteningly explicit. ;)
>
>The whole submounts (which right now is what confuses me) should be a
>SMB side effect, though.

I disagree.  Submounts are shortcuts which allow you to go deep into an
AFS tree and allow things to be referenced as

    \\AFS\submount

They are really useful.  It's just that the way they are managed is so
unintuitive because half the places where it should say "Submount name"
in the UI it instead uses terms such as "Description" or "Comment".


