W2000 Patches in Progress. We will enum through the lana list and add netbios name to each lana (as Microsoft recommends). It will no longer be necessary to enter the correct Lana number in the Advanced Tab. Fix integrated log on. Issue is that during logon klog is done in OS context and therefore any SMB communication (pioctle calls) doesn't have a user name or password associated with it. Token authentication is really about binding the correct token list to the correct user/machine/LSN. It seems that Windows 2000 can create multiple sessions per user (in addition to the multiple user id's per session). This causes it to loose tokens when new sessions are created. The creation of multiple sessions seems to happen frequently on W2K terminal server and occasionally on W2K professional. This is particular critical if DOS windows are used. The patch we have decided to try is to create a global user list (instead of a user list per LSN, logical Session Number) . This would make the assignment of tokens by userName/machineName rather than by LSN. If this patch works then we can add security by doing a one way hash of the userName/machineName. Since blank user name is also used frequently, we would reserve userID 0 for blank user names and it would never have a token list associated with it. I expect to finish early next week. James Peterson "Integrity is the base of excellence." _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
