13 Commits

Author SHA1 Message Date
Jeffrey Altman
9999c1faeb STABLE14-winnotes-cummulative-20041017
Changes for 1.3.72
2004-10-18 05:11:49 +00:00
Jeffrey Altman
4dcdbec005 STABLE14-kfw-hklm-registry-fix-20040922
Fix the registry query in afskfw.lib to read the HKLM machine value
even if the HKCU key is present.

Update text in the install notes to better describe the krb524
issues


(cherry picked from commit d69e6641e5fc423b41fcfc9345a6f917ec958f37)
2004-09-22 16:07:40 +00:00
Jeffrey Altman
48fba74eb7 STABLE14-windows-admin-group-20040823
Update text files for 1.3.71 and describe the new Windows Authorization
Group "AFS Client Admins"

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

Add support for "AFS Client Admins" windows authortization group


(cherry picked from commit 40d2f5f7c02e28cf471d284e5be9fb97c91d145a)
2004-08-23 16:55:02 +00:00
Jeffrey Altman
9e1bc019b9 STABLE14-1-3-70-release-really-20040809
Restore the installation of afslogon.dll as a winlogon event handler.
Microsoft identified the problem as being a newly added restriction
on the behavior of DllMain entry points.  Network operations such
as bind() may no longer be called.  The ICF blocks them but does not
cause an error to be returned.


(cherry picked from commit 2e8a3050d39ead364cad038647f0049b5c03b119)
2004-08-10 05:10:44 +00:00
Jeffrey Altman
544afa6bcc release-1370-20040810
Disable the installation of the WinLogon Event Handlers to avoid
problems with XP SP2 Final Release booting and profiles being released
on logoff.

Update version to 1.3.7000

Add VS8 entries to the build system
2004-08-09 05:20:07 +00:00
Jeffrey Altman
3d790dd232 winnotes-20040807
document new freelance functionality and update install notes

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

more updates
2004-08-07 22:32:46 +00:00
Jeffrey Altman
4c20d3d1fc winnotes-20040805
Updates winnotes with current info

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

summary of changes performed this week for 1.3.70
2004-08-05 17:47:28 +00:00
Jeffrey Altman
3a89df255c small-tweaks-20040725
* update winnotes

* add osi trace log entries to help diagnose issues with overlapped writes
  from CIFS client

* fix osi trace log entries for freelance add mount to use osi_SaveLogString

* fix afscreds "Start Service" to automatically obtain tokens if kerberos
  tickets are available

* update afscreds systray menu to use "..." after Remove Icon

* remove extra "." in wix installer resource
2004-07-25 21:53:09 +00:00
Jeffrey Altman
74197f04f3 install-notes-20040723
Update the install notes to describe conflicts between SMB Authentication
and Windows machines configured with non-Windows Kerberos authentication
used to map to local accounts.

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

More updates to smb auth vs external kerberos login
2004-07-23 23:25:23 +00:00
Jeffrey Altman
b0920fe9c2 registry-docs-logoff-20040721
* Update Windows Notes files

* Modify logoff procedure to use a pioctl to check if an arbitrary path
  exists within AFS

* Add a new registry value HKLM\Software\OpenAFS\Client  CellServDBDir
  which can be used to locate the CellServDB file in an arbitrary directory
2004-07-21 15:05:59 +00:00
Jeffrey Altman
8063c68dc8 winnotes-20040715
Update Windows note files with the latest changes.
2004-07-15 17:26:35 +00:00
Jeffrey Altman
d03840f85c smb-auth-20040711
Over last several years significant efforts have been made to work around
the inability to protect user tokens from use by inappropriate entities.
The tokens are associated with a given userid and session by a combination
of an SMB based ioctl and an authenticated/encrypted RPC.  This has opened
the door for tokens to be borrowed by other users if they could connect
to the same SMB server with the identical userid.  This was trivially
possible because the SMB connections were unauthenticated.

This patch adds two forms of authenticated SMB connections: NTLM and
Extended Security (aka GSS SPNEGO).  By default Extended Security mode
is used.  This patch has been tested on 2000 workstation, 2000 server,
XP SP1, and 2003 Server, and XP SP2 RC2.  The Extended Security works on
all platforms except for XP SP2 RC2 regards of whether or not the machine
is part of a domain or not; and whether or not a local or domain account
is used.

On XP SP2 RC2, attempts to use negotiate Extended Security result in a
Logon Denied error from AcceptSecurityContext() and a substatus code of
0x7C90486A is logged to the Security Event log via the NTLM SSP.
The SMB AUTH NTLM mode succeeds on XP SP2 RC2.

Disabling SMB Authentication or specifying the use of NTLM mode may be done
via the registry.

Value   : smbAuthType
Type    : DWORD {0..2}
Default : 2

  If this value is specified, it defines the type of SMB authentication
  which must be present in order for the Windows SMB client to connect
  to the AFS Client Service's SMB server.  The values are:
    0 = No authentication required
    1 = NTLM authentication required
    2 = Extended (GSS SPNEGO) authentication required
  The default is Extended authentication
2004-07-11 22:22:57 +00:00
Jeffrey Altman
4586c298ae windows-install-notes-20040624
A first cut at installation notes for windows.
2004-06-24 19:24:14 +00:00