Michael Sievers wrote: > Hi ! > > We got problems during integrated logon using OpenAFS Version higher than > 1.4.1 on our Windows 2003 Terminal Server. In the changelog, there is a > entry > > Since 1.4.2-beta2: > * Corrections to the Integrated Logon functionality that permits > Kerberos 5 TGTs to be communicated into the user session. The > transfer is now more secure and succeeds when the user does not > have read permission to the %SystemRoot%\TEMP directory. > > We believe, that maybe this change causes our problems. > > Can someone please explain, what exactly has been changed ?
This change is to apply security settings to the user's file ticket cache in order to prevent access from other users on the machine. It does not have any impact on the actual acquisition of afs tokens. This functional change is associated with the transfer of the Kerberos tickets to the logon session so that afs tokens can be auto-renewed. The 1.4 series is no longer recommended for use on Windows. Please use the 1.5.15 release. http://www.openafs.org/windows.html If you are having problems. Send a bug report complete with debugging events from integrated logon as per the directions in the release notes. Jeffrey Altman Secure Endpoints Inc.
smime.p7s
Description: S/MIME Cryptographic Signature
