> Matt Lytle via RT wrote:
>
>> Bug1: Leash32 from 2.6Beta7 crashes when starting on a Windows 2000
>> machine when attached to a remote network with no VPN connection. Error
>> message (note memory addresses changes): "The instruction at
>> 0x77fcca36" referenced memory at "0x000c0100" the memory could not be
>> written". This does not occur on Windows XP boxes, and leash32 runs
>> fine after the vpn connection is established.
>>
> In other words, you are reporting that Leash is crashing
> when there is a network connection but the KDC for the
> default realm is not reachable when run on Windows 2000.
> Is this correct?
>

That was correct, although it appears to be fixed with beta 9 that you had me test.

>
>> Bug2: It appears that for some reason that Leash32 likes to disable the
>> AFS Status setting. It appears to happen when it can not contact the
>> cell for some reason. Can this be changed or overridden? Possibly
>> with a registry key. We are trying to support remote users, and run
>> leash32 on startup (in the task tray) and it is very inconvenient for
>> them to have to enable the afs properties frequently.
>>
> The AFS Status is disabled when there is a problem
> communicating with the AFS Client Service. This is
> a bug in the AFS Client. OpenAFS version 1.3.60 fixes
> this problem. The cause is a race condition between
> the pioctl() and RPC calls necessary for performing
> Token operations with the AFS Client Service. The
> AFS library libauthent.dll did not place a system
> global critical section around both operations allowing
> multiple applications such as Leash32.exe and afscreds.exe
> to step on each other's toes.
>

Good to know, we are going to be using the 1.3.61 client soon.

>> Bug3: When obtaining tickets via ms2mit.exe and when they expire you
>> receive an error message that says: Ticket expired (Kerberos error 32)
>> krb5_get_renewed_creds() failed. However, clicking ok, and then using
>> the renew button in leash it works.
>>
> Confirm that you have the correct configuration data
> for your Windows Domain and KDC within the KRB5.INI
> file. Leash possesses renewable tickets in its cache
> but is unable to renew the tickets. Most likely it
> cannot contact your KDC.
> Another possibility is that your KDC is refusing to
> renew the tickets. In which case, Windows simply uses
> the cached username and password to perform a new TGS
> request which cannot be done by Leash directly.
>

So would requesting non-renewable tickets solve this problem? My krb5.ini is correct. Although it seems that all tickets imported with ms2mit have the R flag. How do I avoid that?

>> Feature Request1: Add options like -aklog to leash32 to be used in
>> conjunction with -ms2mit. Also add -persistent to leash32 to be used in
>> conjunction with -ms2mit, so it does the -ms2mit then stays in the task
>> tray. I would like to be able to call something like "leash32 -ms2mit
>> -aklog -persistent" from the command line.
>>
> Use the -autoinit option as described in the documentation.
> This will automatically perform an import from the MSLSA
> cache when the session is Kerberos authenticated.
>>

Can there be an option added so that -autoinit also does an aklog?

>> Feature Request2: Make ms2mit optionally run as a service. It would be
>> nice if it ran in the background (or through leash32) and automatically
>> extracted tickets from the ms lsa cache when they were renewed.
>>
> This is how Leash currently behaves when properly configured and
> auto-ticket-renewal is turned on.

It seems to work with the exception of the above error message. As I mentioned above using ms2mit causes the tickets to have the R flag set.

>
> Jeffrey Altman
> Kerberos for Windows maintainer.

Thanks,
Matt

>
>
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs