> Asanka Herath has implemented the desired functionality for the OpenAFS
> Network Identity Manager credential provider. Starting with the next
> release, in addition to the NIM notification icon the AFS notification
> icon will also be generated and will provide feedback for four states:
>
> -
Wow, great! Good job, wonderful!
Now it will be really usable as a first step when giving support.
Great work! Really!
-- Ragge
Jeffrey Altman wrote:
Asanka Herath has implemented the desired functionality for the OpenAFS
Network Identity Manager credential provider. Starting with the next
YEAH.. Great work. This is going to be really helpful. Thanks.
On Mon, Oct 19, 2009 at 11:53 AM, Jeffrey Altman <
jalt...@secure-endpoints.com> wrote:
>
>
> Asanka Herath has implemented the desired functionality for the OpenAFS
> Network Identity Manager credential provider. Starting with the n
Anders Magnusson wrote:
> Jeffrey Altman wrote:
>> Anders Magnusson wrote:
>>
>>> Exactly. It's much easier to ask whether people see a padlock without a
>>> red cross
>>> than asking them to open the NetIdMgr and look for AFS credentials.
>>>
>>
>> This confirms the idea that the NetIdMgr
http://gerrit.openafs.org/#change,663
provides a very small patch to perform the following modifications to
afscreds.exe and afs_config.exe.
afscreds.exe:
1. disable the drive mapping and advanced tabs.
2. on exit, remove the option to stop the service.
afs_config.exe:
1. disable the drive mappi
Dave B wrote:
> our experience is usually different. When afs is not running, it's almost due
> to a problem where no matter how many times one tries to restart the client,
> the client service won't restart. These issues, which usually occur after
> updating the client, are usually related to cach
our experience is usually different. When afs is not running, it's almost due
to a problem where no matter how many times one tries to restart the client,
the client service won't restart. These issues, which usually occur after
updating the client, are usually related to cache size issues on 32-bi
> It worries me that checking whether or not afsd_service.exe is running
> is one of the goals. It implies that you have a high enough incident
> rate where it is not that we have a problem to address that I may not
> be aware of.
Determining whether or not AFS is actually running is always
one o
Dyer, Rodney wrote:
> Windows already has basic service watchdog'ing capability setup on the
> Services.MSC, and can perform restarts, and task scripts (such as emails) on
> total failure.
>
> I believe that the latest versions of the Windows OpenAFS client are much
> more reliable. But in the
ber 14, 2009 5:59 AM
> To: Anders Magnusson
> Cc: openafs
> Subject: Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on
> Windows Vista and Windows 7: Seeking Opinions
>
> It worries me that checking whether or not afsd_service.exe is running
> is one of the g
Jeffrey Altman wrote:
Anders Magnusson wrote:
Jeffrey Altman wrote:
For Ragge I'm wondering if the benefit he is seeking is that of the AFS
centric identity or the fact that the lock is easier to describe than
the NetIdMgr cube which either contains an identity, an expired
identity, or
Anders Magnusson wrote:
> Jeffrey Altman wrote:
>> For Ragge I'm wondering if the benefit he is seeking is that of the AFS
>> centric identity or the fact that the lock is easier to describe than
>> the NetIdMgr cube which either contains an identity, an expired
>> identity, or none at all.
>>
>
Jeffrey Altman wrote:
For Ragge I'm wondering if the benefit he is seeking is that of the AFS
centric identity or the fact that the lock is easier to describe than
the NetIdMgr cube which either contains an identity, an expired
identity, or none at all.
Exactly. It's much easier to ask whethe
Chaz Chandler wrote:
> And some of the other comments on the list, could the future of afscreds
> be isolated to #1 (unprivileged-type activities)?
While this could certainly be an intermediary step I do not consider it
a long term solution. Windows Error Reporting indicates that in the
last 90
Subject: Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on
> Windows Vista and Windows 7: Seeking Opinions
>
> David Bear wrote:
> > as far as mapping drives... we don't need no stinking mapped drives --
> > educate the world on using UNC's!
&
> What has been voiced as part of this thread by Chaz and Dave and perhaps
> by Ragge (not sure yet) is that there is a desire to have an AFS
> identity centric model in preference to a Kerberos v5 identity centric
> model when it comes to authentication. ...
Yes, perhaps that's the best way to
David Bear wrote:
>
> In NetIdMgr v2 each identity can be assigned its own icon. Both Asanka
> and I believe it may make sense to show the identity icons in the
> notification area as an indication that the credentials have been
> obtained. What do people think of that idea?
>
>
To followup a bit...
yes, the simplicity of the red X and the lock icon is great for our very
un-savvy computer users.
Because much of the other functionaliy in the afscreds app is deprecated,
doesn't work for various reasons, or has been replaced by other tools (mapping
drives, configuring the c
David Bear wrote:
The only other thing I miss from afscreds is the version number for
afs. I don't see where this is easily available -- elsewhere, not
even in the control panel applet.
Just run fs -version from a command prompt:
Win+R cmd -> fs -version
C:\>fs -version
OpenAFS_1.5.6101
C:\
>
>
> In NetIdMgr v2 each identity can be assigned its own icon. Both Asanka
> and I believe it may make sense to show the identity icons in the
> notification area as an indication that the credentials have been
> obtained. What do people think of that idea?
>
>
We decided to make KfW part of th
I just wanted to echo this - we've been having our helpdesk tell users to
"see if there's a red X on the padlock icon" for years as a first step in
debugging. Most of our AFS users don't really understand what AFS even is,
so making it as simple as possible is better. Trying to get them to look a
Anders Maegnusson wrote:
> No opinions about the stuff below, but from a support perspective it is
> really nice
> with the padlock down right. When people have trouble with file
> accesses the two
> questions:
>
> - Do you have a padlock down right?
> - Is there a red cross over the padlock?
>
No opinions about the stuff below, but from a support perspective it is
really nice
with the padlock down right. When people have trouble with file
accesses the two
questions:
- Do you have a padlock down right?
- Is there a red cross over the padlock?
are quite valuable.
-- Ragge
Jeffrey A
Can this proposed configuration be simulated with the current release by
setting the registry key:
[HKEY_CURRENT_USER\Software\MIT\NetIDMgr\PluginManager\Plugins\AfsCred\Disableafscreds
to 1
and deleting or renaming afscreds.exe and afs_config.exe?
Mickey.
> From: openafs-info-ad...@openafs
Dave B wrote:
> A good discussion happening here...
>
> On Wed, Sep 30, 2009 at 11:11:41PM +0200, Jeffrey Altman wrote:
>> David:
>>
>> 1. afscreds simply doesn't work reliably. as a result, its continued
>>use is in my opinion not an option on Vista, 2008 and Windows 7.
>
> Fortunately, we
A good discussion happening here...
On Wed, Sep 30, 2009 at 11:11:41PM +0200, Jeffrey Altman wrote:
> David:
>
> 1. afscreds simply doesn't work reliably. as a result, its continued
>use is in my opinion not an option on Vista, 2008 and Windows 7.
Fortunately, we use it very simply, and at
Jeffrey Altman wrote:
> Chaz:
>
> FYI, your response was sent to "openafs-info-ad...@openafs.org"
> which is not the mailing list. You might want to be aware of it
> for the future.
Will do, thanks.
> ...
>
Thanks, as always, for taking the time to compose a thorough reply! I
appreciate it,
David Boyes wrote:
>> 1. afscreds simply doesn't work reliably. as a result, its continued
>>use is in my opinion not an option on Vista, 2008 and Windows 7.
>
> Valid point, but it seems a bit precipitous to remove it before a replacement
> with equivalent function is available. Clearly it
> David Boyes wrote:
> >> 1. afscreds simply doesn't work reliably. as a result, its
> continued
> >>use is in my opinion not an option on Vista, 2008 and Windows 7.
> > Valid point, but it seems a bit precipitous to remove it before a
> > replacement with equivalent function is available. Cl
Chaz:
FYI, your response was sent to "openafs-info-ad...@openafs.org"
which is not the mailing list. You might want to be aware of it
for the future.
u...@realm and user/ad...@realm are two different users. NetIdMgr
explicitly permits you to maintain TGTs and AFS tokens for more than
one user a
David Boyes wrote:
1. afscreds simply doesn't work reliably. as a result, its continued
use is in my opinion not an option on Vista, 2008 and Windows 7.
Valid point, but it seems a bit precipitous to remove it before a
replacement with equivalent function is available. Clearly it works
for
> 1. afscreds simply doesn't work reliably. as a result, its continued
>use is in my opinion not an option on Vista, 2008 and Windows 7.
Valid point, but it seems a bit precipitous to remove it before a replacement
with equivalent function is available. Clearly it works for *some* people.
David:
1. afscreds simply doesn't work reliably. as a result, its continued
use is in my opinion not an option on Vista, 2008 and Windows 7.
2. it is true that Network Identity Manager cannot assume that it
should obtain an afs token automatically for the default workstation
cell in the
While I haven't looked in about a year, with the current version of MIT KfW
netidmgr (I believe the v2 beta may fix this), users doing cross-realm authn
to get afs tokens have to manually set up the mapping between the cross-realm
kerberos user and the afs user. Otherwise, it doesn't work. afs_cred
Ever since the release of Windows Vista I have been worried about the
continued shipment of afscred.exe (AFS Authentication Tool) and
afs_config.exe (AFS Client Manager Configuration Tool) in the OpenAFS
installers.
The Problem:
Beginning with Windows Vista, Microsoft implemented a security barri
35 matches
Mail list logo
