mirror of
https://git.openafs.org/openafs.git
synced 2025-01-18 23:10:58 +00:00
e2d6d9bf2e
Apparently the problem with multi-domain forests with cross- realm trusts to non-Windows realms was not entirely solved. The authentication to the AFS SMB service failed because the wrong name was being used. Using ASU as an example, the authentication was being performed with the name "QAAD\user" (an account in the forest root) and not "user@ASU.EDU (the MIT Kerberos principal used to login with) The solution was to add an additional dependency on KFW in order or to be able to easily obtain the client principal name stored in the MSLSA ccache TGT. This information is used in two locations: - the pioctl() function - a new WinLogon Event Handler for the "logon" event. The pioctl function will now be able to use the correct name when calling WNetAddConnection2() and the "logon" event handler will now be able to call WNetAddConnection2(). The hope is that the "logon" event handler will be called before the profile is loaded but I have not guarrantee that will happen. |
||
---|---|---|
.. | ||
winnotes | ||
ka2heim.txt |