It looks like your high security fix is a new "OpenAFS only" add-on. Where is the official documentation for this? I didn't see the code that allows the "LogoffTokenTransferTimeout" in the OpenAFS source. It looks to me like Transarc/IBM released the source for AFS (an older version) and the OpenAFS group fork'ed it. Then, features have been added that almost no one knows anything about. Am I wrong?
Rodney
At 09:49 AM 12/13/2002 -0800, James Peterson wrote:
Token theft is an issue with windows, not necessary with just XP. Basically there was no solution to destroy tokens when the user logs out so the token is left around for the next user who logs on to grab (if they know the previous username).I suggest you use the "High security" option. We designed this option to make it difficult to grab 'left over tokens' by creating an internal secret user name. Using the High Security option will make it next to impossible to steal your tokens. If you use Regedit, change the Logon Options parameter to 2 or 3 and reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemond\Netw orkProvider LogonOptions = 1 - Integrated Logon LogonOptions = 2 - High Security options, Random User name generation LogonOptions = 3 - both James Peterson "Integrity is the Base of Excellence" P.S. If someone could direct me to a system 'call back' or process that is invoked when a user logs out then I would gladly fix that problem. _______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
