[OpenAFS-win32-devel] Windows Non-Interactive Logons (aka Scheduled Tasks) and AFS
Christopher D. Clausen
cclausen@acm.org
Wed, 28 Mar 2007 17:59:53 -0500
Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
> Christopher D. Clausen wrote:
>> Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>>> Is anyone going to be upset if I disable integrated logon support
>>> for non-interactive logon sessions such as those produced by
>>> "Scheduled Tasks"?
>>
>> Sounds good to me. In fact, I'd prefer it if integrated logon was
>> not enabled by default in the installers.
>
> What do you mean by this?
>
> Do you mean that "afslogon.dll" should not be registered as a Network
> Provider or that it should not obtain "AFS" tokens?
Basically, have the "integrated logon" checkbox in the installer not
checked by default. For end users, I generally encourage them to use
different passwords on their personal machines from ones used for the
REALM serving the AFS cell. Having integrated logon on their machines
doesn't help and sometimes causes problems. (When and if I have
specifics, bug reports will be filed.)
Any machines I setup that need integrated logon support can have the
integrated logon enabled manually at install time (or later through the
registry.)
<<CDC