]> git.michaelhowe.org Git - packages/o/openafs.git/commitdiff
projects / packages / o / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6c71215)
STABLE14-windows-comments-20050314
authorJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 15 Mar 2005 00:43:54 +0000 (00:43 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 15 Mar 2005 00:43:54 +0000 (00:43 +0000)
Update the comments to indicate how we force authentication to be
performed against the Windows logon cache instead of a domain controller
and how BackConnectionsHostNames will work in Longhorn Beta 1.

(cherry picked from commit 80d60b9cd1275c4a4ded571c5876a1e704baf53e)

src/WINNT/afsd/afsd_init.c patch | blob | history
src/WINNT/afsd/smb.c patch | blob | history

diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index a3c9b34e2519645b13cd1a2783d05d494bd85bff..38e5241bdaf741192afbdce82628e84b855ea328 100644 (file)
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -259,6 +259,10 @@ configureBackConnectionHostNames(void)
      *             check for the UnsetDisableLoopbackCheck value.  
      *             If set, set the DisableLoopbackCheck flag to 0x0 
      *             and delete the UnsetDisableLoopbackCheck value
+     *
+     * Starting in Longhorn Beta 1, an entry in the BackConnectionHostNames value will
+     * force Windows to use the loopback authentication mechanism for the specified 
+     * services.
      */
     HKEY hkLsa;
     HKEY hkMSV10;
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 7c95a1aa3749f148b6d64253beea51162f2809f2..7bdf60eadf3afa1ae3e0e4e63dc17bb0b0ad84b8 100644 (file)
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -1,4 +1,3 @@
-#define LARRY_HACK 1
 /*
  * Copyright 2000, International Business Machines Corporation and others.
  * All Rights Reserved.
@@ -8036,8 +8035,14 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
             packageName.MaximumLength = packageName.Length + 1;
             nts = LsaLookupAuthenticationPackage(smb_lsaHandle, &packageName , &smb_lsaSecPackage);
             if (nts == STATUS_SUCCESS) {
-#ifdef LARRY_HACK
-                /* BEGIN - This code is from Larry */
+                /* BEGIN 
+                 * This code forces Windows to authenticate against the Logon Cache 
+                 * first instead of attempting to authenticate against the Domain 
+                 * Controller.  When the Windows logon cache is enabled this improves
+                 * performance by removing the network access and works around a bug
+                 * seen at sites which are using a MIT Kerberos principal to login
+                 * to machines joined to a non-root domain in a multi-domain forest.
+                 */
                 PVOID pResponse = NULL;
                 ULONG cbResponse = 0;
                 MSV1_0_SETPROCESSOPTION_REQUEST OptionsRequest;
@@ -8066,7 +8071,6 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
                     OutputDebugString("MsV1_0SetProcessOption success");
                 }
                 /* END - code from Larry */
-#endif /* LARRY_HACK */
 
                 smb_lsaLogonOrigin.Buffer = "OpenAFS";
                 smb_lsaLogonOrigin.Length = strlen(smb_lsaLogonOrigin.Buffer);