From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Tue, 15 Mar 2005 00:43:54 +0000 (+0000)
Subject: STABLE14-windows-comments-20050314
X-Git-Tag: openafs-devel-1_3_80~20
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=a796c890d44f583d9a7e91d21ca92c8508655683;p=packages%2Fo%2Fopenafs.git

STABLE14-windows-comments-20050314


Update the comments to indicate how we force authentication to be
performed against the Windows logon cache instead of a domain controller
and how BackConnectionsHostNames will work in Longhorn Beta 1.


(cherry picked from commit 80d60b9cd1275c4a4ded571c5876a1e704baf53e)
---

diff --git a/src/WINNT/afsd/afsd_init.c b/src/WINNT/afsd/afsd_init.c
index a3c9b34e2..38e5241bd 100644
--- a/src/WINNT/afsd/afsd_init.c
+++ b/src/WINNT/afsd/afsd_init.c
@@ -259,6 +259,10 @@ configureBackConnectionHostNames(void)
      *             check for the UnsetDisableLoopbackCheck value.  
      *             If set, set the DisableLoopbackCheck flag to 0x0 
      *             and delete the UnsetDisableLoopbackCheck value
+     *
+     * Starting in Longhorn Beta 1, an entry in the BackConnectionHostNames value will
+     * force Windows to use the loopback authentication mechanism for the specified 
+     * services.
      */
     HKEY hkLsa;
     HKEY hkMSV10;
diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 7c95a1aa3..7bdf60ead 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -1,4 +1,3 @@
-#define LARRY_HACK 1
 /*
  * Copyright 2000, International Business Machines Corporation and others.
  * All Rights Reserved.
@@ -8036,8 +8035,14 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
             packageName.MaximumLength = packageName.Length + 1;
             nts = LsaLookupAuthenticationPackage(smb_lsaHandle, &packageName , &smb_lsaSecPackage);
             if (nts == STATUS_SUCCESS) {
-#ifdef LARRY_HACK
-                /* BEGIN - This code is from Larry */
+                /* BEGIN 
+                 * This code forces Windows to authenticate against the Logon Cache 
+                 * first instead of attempting to authenticate against the Domain 
+                 * Controller.  When the Windows logon cache is enabled this improves
+                 * performance by removing the network access and works around a bug
+                 * seen at sites which are using a MIT Kerberos principal to login
+                 * to machines joined to a non-root domain in a multi-domain forest.
+                 */
                 PVOID pResponse = NULL;
                 ULONG cbResponse = 0;
                 MSV1_0_SETPROCESSOPTION_REQUEST OptionsRequest;
@@ -8066,7 +8071,6 @@ void smb_Init(osi_log_t *logp, char *snamep, int useV3, int LANadapt,
                     OutputDebugString("MsV1_0SetProcessOption success");
                 }
                 /* END - code from Larry */
-#endif /* LARRY_HACK */
 
                 smb_lsaLogonOrigin.Buffer = "OpenAFS";
                 smb_lsaLogonOrigin.Length = strlen(smb_lsaLogonOrigin.Buffer);