Index: openafs/doc/html/AdminReference/auarf234.htm
diff -c openafs/doc/html/AdminReference/auarf234.htm:1.1 openafs/doc/html/AdminReference/auarf234.htm:1.2
*** openafs/doc/html/AdminReference/auarf234.htm:1.1	Wed Jun  6 14:09:12 2001
--- openafs/doc/html/AdminReference/auarf234.htm	Tue Jul 13 02:08:32 2004
***************
*** 15,21 ****
  <H1>Administration Reference</H1>
  <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf233.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf235.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
  <P>
! <H2><A NAME="HDRSYS" HREF="auarf002.htm#ToC_248">sys</A></H2>
  <P><STRONG>Purpose</STRONG>
  <A NAME="IDX5468"></A>
  <A NAME="IDX5469"></A>
--- 15,21 ----
  <H1>Administration Reference</H1>
  <HR><P ALIGN="center"> <A HREF="../index.htm"><IMG SRC="../books.gif" BORDER="0" ALT="[Return to Library]"></A> <A HREF="auarf002.htm#ToC"><IMG SRC="../toc.gif" BORDER="0" ALT="[Contents]"></A> <A HREF="auarf233.htm"><IMG SRC="../prev.gif" BORDER="0" ALT="[Previous Topic]"></A> <A HREF="#Bot_Of_Page"><IMG SRC="../bot.gif" BORDER="0" ALT="[Bottom of Topic]"></A> <A HREF="auarf235.htm"><IMG SRC="../next.gif" BORDER="0" ALT="[Next Topic]"></A> <A HREF="auarf284.htm#HDRINDEX"><IMG SRC="../index.gif" BORDER="0" ALT="[Index]"></A> <P> 
  <P>
! <H2><A NAME="HDRSYS" HREF="auarf002.htm#ToC_248">fs sysname</A></H2>
  <P><STRONG>Purpose</STRONG>
  <A NAME="IDX5468"></A>
  <A NAME="IDX5469"></A>
***************
*** 29,35 ****
  <PRE><B>sys</B> 
  </PRE>
  <P><STRONG>Description</STRONG>
! <P>The <B>sys</B> command displays the string stored in kernel memory that
  indicates the local machine's CPU/operating system (OS) type. The
  Cache Manager substitutes the string for the <VAR>@sys</VAR> variable which can
  occur in AFS pathnames; the <I>IBM AFS Quick Beginnings</I> and
--- 29,35 ----
  <PRE><B>sys</B> 
  </PRE>
  <P><STRONG>Description</STRONG>
! <P>The <B>fs sysname</B> command displays the string stored in kernel memory that
  indicates the local machine's CPU/operating system (OS) type. The
  Cache Manager substitutes the string for the <VAR>@sys</VAR> variable which can
  occur in AFS pathnames; the <I>IBM AFS Quick Beginnings</I> and
***************
*** 46,52 ****
  <P><STRONG>Examples</STRONG>
  <P>The following example shows the output produced on a Sun SPARCStation
  running Solaris 5.7:
! <PRE>   % <B>sys</B>
     sun4x_57
     
  </PRE>
--- 46,52 ----
  <P><STRONG>Examples</STRONG>
  <P>The following example shows the output produced on a Sun SPARCStation
  running Solaris 5.7:
! <PRE>   % <B>fs sysname</B>
     sun4x_57
     
  </PRE>
Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt
diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.4 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.8
*** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.4	Wed Jun 23 16:22:42 2004
--- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt	Mon Jul 26 19:24:09 2004
***************
*** 1,3 ****
--- 1,177 ----
+ Since 1.3.65:
+    * afs_config.exe now validates cell names against DNS in addition
+      to the CellServDB file.
+ 
+    * In order to allow the freelance client to connect to a volume with ID 
+      equal to 1 on the default cell we changed the fake root.afs volume ID
+      once again.  This time we choose 0xFFFFFFFF.  In addition, we change
+      the cell ID of the fake root.afs volume from 1 to 0xFFFFFFFF as well.
+      It will now be impossible for a volume ID to match that of another 
+      cell unless the client is connected to 0xFFFFFFFD cells.  That should
+      be enough room for growth.
+ 
+    * Fix "fs mkmount" command to work with UNC paths and when
+      started from non-AFS drives.  It is now possible to create a mount
+      point in the freelance fake root.afs volume with the command
+ 
+         fs mkmount \\AFS\all\<directory-name> <volume-name> <cellname>
+ 
+      For example,
+         
+         fs mkmount \\AFS\all\openafs.org root.cell openafs.org
+         fs mkmount \\AFS\all\.openafs.org root.cell openafs.org -rw
+ 
+    * The algorithm used to re-attempt access to the servers associated with
+      a volume has been altered to properly address the case in which all 
+      servers have been marked down.  The previous algorithm did not reset
+      the server's down flags so the servers were never actually retried.
+      This caused a problem with active volumes if the network connectivity
+      was lost as could be the case with a network cable removal, wireless
+      drop, or laptop hibernation.  With the fix volume access is restored
+      almost instantenously when network connectivity becomes available.
+ 
+    * Support for SMB/CIFS browsing has been added to the AFS Client Service
+      SMB server.  It is now possible to use "NET VIEW \\AFS" to obtain a
+      listing of AFS submounts and freelance mount points.  Support for
+      NETSHAREENUM, NETSHAREGETINFO, NETSERVERENUM2, NETSERVERGETINFO
+      significantly enhances the behavior of AFS volumes within the Explorer
+      Shell.  For instance, "AFS" now shows up as server in the Explorer
+      with each submount or freelance mount point visible as a share.
+      The right click menu in each folder now works with full functionality
+      on a consistent basis.
+ 
+    * The network provider can be configured to have different behavior
+      depending on the domain that the user logs into.  These settings are
+      only relevant when using integrated login.  A domain refers to an
+      Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
+      local machine (i.e. local account logins).  The domain name that is
+      used for selecting the domain would be the domain that is passed into
+      the NPLogonNotify function of the network provider. (see registry.txt
+      for details)
+ 
+    * Added a new registry value [HKCU\SOFTWARE\OpenAFS\Client] 
+      "Authentication Cell" which may be used to specify a default 
+      authentication cell for afscreds.exe which is different from
+      the default cell for the AFS Client Service daemon.
+ 
+    * Added a Logoff WinLogon Event Notification function to afslogon.dll.
+      afslogon.dll moved to %WINDIR%\System32\.
+      New registry entries added to register the dll for Winlogon events.
+ 
+      The logoff event will now force a call to ktc_ForgetAllTokens()
+      using the context of the user being logged off as long as the 
+      user's profile is not loaded from within AFS.  If the profile 
+      was loaded from AFS we can't release the tokens since the Logoff
+      event is triggered prior to the profile being written back to 
+      the its source location.
+ 
+    * Windows XP SP2 Internet Connection Firewall interoperability
+      has been added.
+ 
+    * The %WINDIR%\afsdsbmt.ini contains four sections:
+         Submounts, Drive Mappings, Active Maps and CSC Policies.
+      The Submounts and CSC policies are now stored in the registry under
+         [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+         [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+      The Drive Mappings and Active Maps are stored in the registry under
+         [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+         [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+ 
+      There is no automatic migration of this data as it would be impossible
+      to consistently migrate data to user profiles which may not be active
+      when the machine is updated.
+ 
+    * The %WINDIR%\afs_freelance.ini contains lists of mountpoints for the
+      fake root.afs volume.  For the same reasons as for the cellservdb file,
+      this information should not be in %WINDIR%.  This information is now
+      kept under the registry key
+         [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+ 
+      The data from the afs_freelance.ini file will be automatically 
+      migrated to the registry on first execution of afsd_service.exe
+ 
+    * Keeping the CellServDB file in the location %WINDIR%\afsdcell.ini is 
+      troublesome for several reasons.  One, it is confusing for those who
+      expect the file to be named "CellServDB" instead of "afsdcell.ini".
+      Two, this file is not a Windows Profile formatted file.  Three, 
+      applications should not be reading or writing to %WINDIR%.  It causes
+      problems for Windows Terminal Server.
+ 
+      The new location of CellServDB will be the OpenAFS Client install 
+      directory which is by default C:\Program Files\OpenAFS\Client and can
+      be determined by querying the registry for 
+      [HKLM\SOFTWARE\TransarcCorporation\AFS Client\CurrentVersion]PathName
+ 
+      The existing afsdcell.ini will be migrated by the NSIS installer. 
+      The Wix installer must still be updated to do the same.
+ 
+    * Change NSIS installer to use DNS by default; to remove Integrated Logon
+      High Security mode; and to add Terminal Services compatibility registry
+      entries to allow the OpenAFS tools to find the afsdcell.ini and other
+      configuration files in %WINDIR%.
+   
+    * Add support for authenticated SMB connections.   This will remove
+      the need for high security mode in most situations.  Both NTLM
+      and Extended Security (GSS SPNEGO) modes are supported.  Effectively,
+      only NTLM can be used even though Kerberos is now supported.  The
+      reason is that it is not possible to construct a service principal
+      which is unique to each individual machine.
+ 
+      SMB Extended Auth does not work on XP SP2 unless one of two registry
+      modifications are made:
+ 
+      (1) To disable the check for matching host names on loopback connections
+         set this key.  This does not require a reboot:
+ 
+         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+             "DisableLoopbackCheck"=dword:00000001
+ 
+      (2) To add the AFS SMB/CIFS service name to an approved list.  This
+         does require a reboot:
+ 
+         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
+             "BackConnectionHostNames"=multi-sz "AFS" "MACHINE-AFS"
+ 
+      afsd_service.exe will automatically add the current Netbios Name
+      to the BackConnectionHostNames list and then temporarily disable
+      the loopback check for one cycle of startup/shutdown of the service.
+      We assume most folks do not start/stop without a reboot so this 
+      will be adequate in most cases.
+ 
+    * Fix security hole in afslogon.dll which allowed passwords to be
+      sent in clear text to the KDC in a misformed principal name.
+ 
+    * Fix cm_GetCell() to properly handle expired dns entries
+      without crashing
+ 
+    * If Freelance mode is active and the afs_freelance.ini
+      file does not exist, do not create an empty file.
+      Instead create a file containing ro and rw mountpoints
+      to the default cell using the standard conventions.
+ 
+    * Modify the Freelance support to handle the ability
+      to create rw mount points in the fake root.afs volume.
+ 
+    * Changed the RPC mechanism used for token setting from 
+      named pipes to local.  Use of named pipes can be restored
+      by setting the environment variable AFS_RPC_PROTSEQ to
+      "ncacn_np". 
+ 
+      Named pipes were required when a Windows 9x system was
+      using a NT system in gateway mode which is incompatible
+      with our use of local loopback adapters.
+ 
+    * In afscreds.exe, if a username of the form user@REALM is
+      specified and no password is specified, do not perform a 
+      kinit operation.  Only perform the aklog functionality.
+ 
+    * Add a new registry value which allows the number of processors
+      on which afsd_service.exe executes to be restricted.  Valid
+      values are 1..numOfProcessors
+ 
+        HKLM\SYSTEM\CurrentControlSet\Services\TransarcAfsDaemon\Parameters
+           (DWORD) MaxCPUs 
+ 
  Since 1.3.64:
     * A second MSI based installer option is now available.
  
***************
*** 33,40 ****
       builds as well as CHECKED (aka DEBUG) builds
  
     * Sites which have a volume ID of 0x20000001 assigned to their
!      root.afs volumes have been experiencing problems with accessing
!      the root.afs volume of their cell when Freelance mode has been
       active.  This was because 0x20000001 was assigned to the fake
       root.afs volume created by freelance.  The fake volume id is
       now set to 0x00000001 to prevent conflicts.
--- 207,214 ----
       builds as well as CHECKED (aka DEBUG) builds
  
     * Sites which have a volume ID of 0x20000001 assigned to their
!      root.cell volumes have been experiencing problems with accessing
!      the root.cell volume of their cell when Freelance mode has been
       active.  This was because 0x20000001 was assigned to the fake
       root.afs volume created by freelance.  The fake volume id is
       now set to 0x00000001 to prevent conflicts.
***************
*** 78,86 ****
  
       This should be the end of the "Server paused or restarting messages"
     
-    * Fix "fs mkmount" command to work with UNC paths and when
-      started from non-AFS drives
- 
     * Add support for arbitrary UNC paths to the pioctl() support.
       This enables the fs commands as well as the AFS Shell Extension
       to work correctly when UNC paths are being used.
--- 252,257 ----
Index: openafs/doc/txt/winnotes/afs-install-notes.txt
diff -c openafs/doc/txt/winnotes/afs-install-notes.txt:1.1 openafs/doc/txt/winnotes/afs-install-notes.txt:1.7
*** openafs/doc/txt/winnotes/afs-install-notes.txt:1.1	Thu Jun 24 14:24:14 2004
--- openafs/doc/txt/winnotes/afs-install-notes.txt	Sun Jul 25 16:53:09 2004
***************
*** 1,11 ****
! OpenAFS for Windows 1.3.65 Installation Notes
  ---------------------------------------------
  
  The OpenAFS for Windows product was very poorly maintained throughout the 
  1.2.x release cycle.  While the Unix version was being enhanced and its 
  quality was improving the Windows version stagnated.  The IBM AFS 3.6 product 
  was not designed for the Windows 2000/XP/2003 operating system nor was it 
! constructed with highly disconnected environments in mind.
  
  The 1.3.x series of releases not only fixes a large number of bugs in the 1.2 
  series but also attempts to enhance the functionality of the product to better 
--- 1,11 ----
! OpenAFS for Windows 1.3.70 Installation Notes
  ---------------------------------------------
  
  The OpenAFS for Windows product was very poorly maintained throughout the 
  1.2.x release cycle.  While the Unix version was being enhanced and its 
  quality was improving the Windows version stagnated.  The IBM AFS 3.6 product 
  was not designed for the Windows 2000/XP/2003 operating system nor was it 
! architected with highly disconnected environments in mind.
  
  The 1.3.x series of releases not only fixes a large number of bugs in the 1.2 
  series but also attempts to enhance the functionality of the product to better 
***************
*** 20,27 ****
  
  The 1.3.65 OpenAFS client will directly use Kerberos 5 tickets as tokens if 
  KFW is installed.  It requires that all of the AFS Servers which it 
! communicates support Kerberos 5 tickets. For OpenAFS this is any release 1.2.8 
! or higher.
  
  When using a Microsoft Windows Active Directory as your KDC for the AFS cell 
  extremely large tickets may be issued.  If this is your situation you either 
--- 20,28 ----
  
  The 1.3.65 OpenAFS client will directly use Kerberos 5 tickets as tokens if 
  KFW is installed.  It requires that all of the AFS Servers which it 
! communicates support Kerberos 5 tickets.  This requires that all servers 
! be running OpenAFS release 1.2.8 or higher.  Transarc servers do not support
! Kerberos 5 tickets as tokens.
  
  When using a Microsoft Windows Active Directory as your KDC for the AFS cell 
  extremely large tickets may be issued.  If this is your situation you either 
***************
*** 63,81 ****
  installers.  
  
  A couple of notes about Freelance mode.  First, since the fake root.afs volume 
! is constructed on the fly, when it is first used there will be no entries in 
! the volume.  Do not be concerned. Any attempt to access a valid cell name will 
! automatically result in a new read-only mount point being created in the fake 
! root.afs volume.  These mount points are preserved between service starts in 
! the %WINDIR%\afs_freelance.ini file.  
! 
! Unfortunately, at the current time it is not possible to create read-write 
! mount points in the fake root.afs cell.  This is a limitation which will be 
! addressed in a future release.
  
  4. The OpenAFS for Windows client will make use of AFSDB DNS records to 
  discover cell information when it is not located in the local CellServDB file 
! (%WINDIR%\afsdcell.ini).
  
  5. OpenAFS for Windows 1.3.65 only supports Windows 2000, Windows XP, and 
  Windows 2003.  Windows NT 4.0 and the entire Windows 9x/Me line are not 
--- 64,83 ----
  installers.  
  
  A couple of notes about Freelance mode.  First, since the fake root.afs volume 
! is constructed on the fly, when it is first used the only mount points will
! be for the default afs cell.  Do not be concerned.  Any attempt to access a 
! valid cell name will automatically result in a new read-only mount point 
! being created in the fake root.afs volume.  These mount points are preserved 
! between service starts in the HKLM\SOFTWARE\OpenAFS\Client\Freelance registry
! key.
! 
! As of 1.3.70, Freelance mode supports read-write mount points in the fake
! root.afs volume.  In addition, if the mount point list is empty, mount points
! for "cellname" (ro) and ".cellname" (rw) will be automatically generated.
  
  4. The OpenAFS for Windows client will make use of AFSDB DNS records to 
  discover cell information when it is not located in the local CellServDB file 
! (\Program Files\OpenAFS\Client\CellServDB).
  
  5. OpenAFS for Windows 1.3.65 only supports Windows 2000, Windows XP, and 
  Windows 2003.  Windows NT 4.0 and the entire Windows 9x/Me line are not 
***************
*** 103,109 ****
  not be obtained after the logon session starts except via the AFS Systray tool 
  as started by the AFS Network Provider.  If the AFS Systray tool is stopped 
  you must log off to obtain new tokens.  Do not use external tools such as 
! "aklog.exe" if High Security mode is turned on.
  
  7. The AFS Systray tool (afscreds.exe) supports several new command line 
  options: 
--- 105,113 ----
  not be obtained after the logon session starts except via the AFS Systray tool 
  as started by the AFS Network Provider.  If the AFS Systray tool is stopped 
  you must log off to obtain new tokens.  Do not use external tools such as 
! "aklog.exe" if High Security mode is turned on. As of 1.3.70, OpenAFS supports 
! Authenticated SMB connections which removes the need for High Security mode. 
! DO NOT USE IT!!!!! 
  
  7. The AFS Systray tool (afscreds.exe) supports several new command line 
  options: 
***************
*** 177,197 ****
  
  13. OpenAFS for Windows does not support files larger than 2GB.
  
! 14. There are documented problems running the AFS Client on Hyperthreaded 
! Pentium 4 machines.  At the current time it is recommended that hyper- 
! threading be disabled in the machine configuration.
  
  15. OpenAFS for Windows currently requires the use of TCP based RPC. If the 
  machine is restricted to Local RPC only, you will be unable to store tokens.
  
! 16. OpenAFS for Windows does not automatically open ports in the Windows 
! Internet Connection Firewall.  You must manually open port 7001 to allow for 
! incoming callback messages to be received by AFS file servers.
  
  17. The OpenAFS for Windows installer by default activates a weak form of 
  encrypted data transfer between the AFS client and the AFS servers.  This
  is often referred to as "crypt" mode.
  
  ------------------------------------------------------------------------
  
  Reporting Bugs:
--- 181,254 ----
  
  13. OpenAFS for Windows does not support files larger than 2GB.
  
! 14. There are known problems running the AFS Client on Hyperthreaded 
! Pentium 4 machines.  As of 1.3.70, a registry entry may be created to specify
! that the AFS Client Service should only use a single processor.  If you have
! a hyperthreaded system it is strongly advised that this registry value be set.
! See "registry.txt" for details on the MaxCPUs value. 
  
  15. OpenAFS for Windows currently requires the use of TCP based RPC. If the 
  machine is restricted to Local RPC only, you will be unable to store tokens.
+ As of 1.3.70, Local RPC is used as the default RPC mechanism for setting 
+ tokens.  TCP RPC is still used for debugging and other functions.
  
! 16. As of 1.3.70, OpenAFS for Windows automatically open ports in the Windows 
! Internet Connection Firewall.
  
  17. The OpenAFS for Windows installer by default activates a weak form of 
  encrypted data transfer between the AFS client and the AFS servers.  This
  is often referred to as "crypt" mode.
  
+ 18. OpenAFS 1.3.70 adds support for authenticated SMB connections using 
+ either NTLM or GSS SPNEGO (NTLM, Kerberos 5, ...).  In previous versions
+ of OpenAFS the SMB connections were unauthenticated which left open the
+ door for several security holes which could be used to obtain access to
+ the use of other user's tokens on shared machines.  With the introduction
+ of authenticated SMB connections the so called High Security mode should
+ no longer be used.  
+ 
+ When GSS SPNEGO results in a Kerberos 5 authentication, the Windows SMB
+ client will attempt to retrieve service tickets for "cifs/afs@REALM" (if 
+ the loopback adapter is in use) or "cifs/machine-afs@REALM" (if the loopback
+ adapter is not being used).  It is extremely important that this service 
+ principal not exist in the KDC database.   If the request for this ticket
+ fails, a subsequent request for "cifs/HOST$@REALM" will be issued.  This 
+ service principal should exist in the KDC database.  The key associated 
+ with this service principal must match the key assigned to 
+ "host/machine@REALM".  If the local machine is part of a Windows Domain
+ this will all be taken care of for you.  If the local machine is using
+ a non-MS KDC for authentication, then your KDC administrator will have to
+ add these service principals to the list of principals to be maintained
+ for each host.
+ 
+ 19. As of 1.3.70, INI files are no longer used for the storage of AFS 
+ configuration data.  No longer are there any AFS related files stored in the
+ %WINDIR% directory.  The CellServDB file is no longer called "afsdsbmt.ini"
+ and it is stored in the OpenAFS\Client directory.  The afs_freelance.ini
+ and afsdsbmt.ini file data has been moved to the registry.  
+ 
+ IMPORTANT: while the CellServDB file location and freelance mountpoint
+ data will be automatically migrated; there is no mechanism for automatic
+ migration of Submounts, Drive Mappings, Active Maps, and CSCPolicy data.
+ 
+ 20. As of 1.3.70, the OpenAFS Client is compatible with Windows XP SP2
+ and Windows 2003 SP1.  The Internet Connection Firewall will be 
+ automatically adjusted to allow the receipt of incoming callback messages 
+ from the AFS file server.  In addition, the appropriate Back Connection 
+ entries are added to the registry to allow SMB authentication to be 
+ performed across the loopback connection.
+ 
+ 21. As of 1.3.70, the OpenAFS Client Service supports the CIFS Remote
+ Admin Protocol which provides browsing of server and share information.
+ This significantly enhances the functionality of AFS volumes within the
+ Explorer Shell.
+ 
+ 22. OpenAFS will now automatically forget a user's tokens upon Logoff
+ unless the user's profile was loaded from an AFS volume.  In this situation
+ there is no mechanism to determine when the profile has been successfully
+ written back to the network.  It is therefore unsafe to release the user's
+ tokens.
+ 
  ------------------------------------------------------------------------
  
  Reporting Bugs:
Index: openafs/doc/txt/winnotes/afs-issues.txt
diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.3 openafs/doc/txt/winnotes/afs-issues.txt:1.5
*** openafs/doc/txt/winnotes/afs-issues.txt:1.3	Wed Jun 23 16:22:42 2004
--- openafs/doc/txt/winnotes/afs-issues.txt	Sun Jul 25 16:53:09 2004
***************
*** 1,16 ****
! This file is a rough list of known issues with the 1.3.65 release of OpenAFS
  on Windows.  This list is not complete.  There are probably other issues 
  which can be found in the RT database or on the mailing list.
  
  
  (1) File/Directory access is not integrated with windows security 
  
- (2) tokens are assigned to the service on a system global basis.  Therefore, 
- all users and processes on the machine are able to access files with the 
- list of available tokens.  This is dangerous if anonymous logins are enabled;
- or if multiple users are on the machine (ie, Terminal Server or XP user 
- switching)
- 
  (3) SMB LANA list is static.  
  
  (3a) IP address changes cause the service to terminate due to an assertion 
--- 1,10 ----
! This file is a rough list of known issues with the 1.3.70 release of OpenAFS
  on Windows.  This list is not complete.  There are probably other issues 
  which can be found in the RT database or on the mailing list.
  
  
  (1) File/Directory access is not integrated with windows security 
  
  (3) SMB LANA list is static.  
  
  (3a) IP address changes cause the service to terminate due to an assertion 
***************
*** 88,159 ****
       temporarily unable to access the Cell due to network restore timing
       issues.)
  
! (18) No support for Unicode filenames.  Translations make file unreadable
  
  (19) No auto-restart on service failure
  
  (20) Better EventLog handling
  
! (21) Named Pipes Support
  
  (22) Memory Mapped File support
  
! (23) Large file support
  
! (26) Implement persistent disk based cache which survives restarts
  
! (27) NSIS Installer issues
       (a) integration with KFW install script
       (b) Optional removal of AFS Server volumes
  
! (28) The User Interface needs to be re-designed to separate the per-user
       and per-machine settings.  All of the new registry items need to 
       be added to the UI
  
! (29) Windows XP SP2 and Windows 2003 SP1 are going to lockdown the 
!      machine.  We need to add code to programatically open the 
!      Internet Connection Firewall to the ports needed by the various
!      AFS services.
! 
! (30) There appears to be a thread safety issue in the Rx library when
       running on Intel processors which support hyper-threading
  
! (32) Thread initialization versus Global Drive Mapping.  There is no
       mechanism in the afsd_init.c to ensure that all of the threads 
       complete initializing in the correct sequence.  In the case of 
       Global Drive Maps this is a problem because the Global Drive Maps
       can be executed prior to the completion of the SMB registration
       and service thread initialization.
  
! (35) Should we allow the AFSCACHE file to be stored in the Virtual Paging
       file as long as we do not support persistent caches?
  
  
  -------------------------------------------------------------------------
! List sent to SLAC:
  
!    1. Convert from use of .INI files to appropriate places in the registry
!    2. No longer use AFS Client Service "cell" as the default cell for individual users
!    3. Re-write afsd_service.exe to perform synchronized thread startup and shutdown.  Currently there is no synchronization of thread creation which results in timing conflicts; and there is no attempt to cleanly shutdown the service which causes problems when restarting and prevents the implementation of a persistent cache
!    4. Implement a persistent cache
!    5. Prevent panic situation when the root.afs volume is not reachable
!    6. Prevent panic situation when the IP address to which the SMB server is bound is removed from the local machine's network configuration
!    7. Only use Local RPC mechanism unless Gateway mode is on
!    8. Identify and fix the problems with running the RX library on Hyperthreaded systems
!    9. Add support for Named Pipes within the afs filesystem
!   10. Add support for Windows XP2 - dynamically open/close ports in the firewall
!   11. Add support for r/w mounts in the Freelance fake root.afs volume.
!   12. Re-write afscreds.exe to support:
           1. choosing between Kerberos 5 and Kerberos 4 on a per principal basis
           2. providing users with the ability to map multiple cells to a single principal
           3. providing change password functionality on a per principal basis
           4. no longer include drive mapping
           5. configuration of afscreds startup options in shortcut
!   13. Re-write afs_config.exe to be only "per user" functionality which does not require admin privileges
           1. default cell and principal for the user
           2. drive mappings
           3. visibility of afs creds and setting of afs creds startup options
!   14. Create new afs_admin.exe tool to be installed in the administrator folder (or use MMS) which contains
           1. afs client service cell name
           2. integrated logon configuration
           3. Gateway configuration
--- 82,165 ----
       temporarily unable to access the Cell due to network restore timing
       issues.)
  
! (18) No support for Unicode CIFS/SMB data structures.  OEM Code Pages prevent
!      the use of interoperable file names; force the use of paths no longer 
!      than 256 characters; force share names to be no longer than 13 
!      characters; restrict authentication to ASCII only names and passwords;
!      etc.
  
  (19) No auto-restart on service failure
  
  (20) Better EventLog handling
  
! (21) Named Pipes Support [requires modifications to AFS servers to support]
  
  (22) Memory Mapped File support
  
! (23) Large file support [both SMB/CIFS and AFS]
  
! (24) Implement persistent disk based cache which survives restarts
  
! (25) NSIS Installer issues
       (a) integration with KFW install script
       (b) Optional removal of AFS Server volumes
  
! (26) The User Interface needs to be re-designed to separate the per-user
       and per-machine settings.  All of the new registry items need to 
       be added to the UI
  
! (27) There appears to be a thread safety issue in the Rx library when
       running on Intel processors which support hyper-threading
  
! (28) Thread initialization versus Global Drive Mapping.  There is no
       mechanism in the afsd_init.c to ensure that all of the threads 
       complete initializing in the correct sequence.  In the case of 
       Global Drive Maps this is a problem because the Global Drive Maps
       can be executed prior to the completion of the SMB registration
       and service thread initialization.
  
! (29) Should we allow the AFSCACHE file to be stored in the Virtual Paging
       file as long as we do not support persistent caches?
  
+ (30) CIFS Remote Administration Protocol implementation is incomplete.
+      Notifications are not made to requestors when the view of a file
+      or folder changes due to token acquisition; token expiration; or
+      token destruction
+ 
+ (31) Microsoft Office appears to have trouble editing files of ~20MB
+      or larger from within AFS.  Performance is particularly slow and
+      applications such as Word often crash upon saving the files.
+       
  
  -------------------------------------------------------------------------
! List of unfunded projects:
  
!    1. No longer use AFS Client Service "cell" as the default cell for individual users
!    2. Re-write afsd_service.exe to perform synchronized thread startup and shutdown.  
!       Currently there is no synchronization of thread creation which results in timing 
!       conflicts; and there is no attempt to cleanly shutdown the service which causes 
!       problems when restarting and prevents the implementation of a persistent cache
!    3. Implement a persistent cache
!    4. Prevent panic situation when the root.afs volume is not reachable
!    5. Prevent panic situation when the IP address to which the SMB server is bound is removed 
!       from the local machine's network configuration
!    6. Identify and fix the problems with running the RX library on Hyperthreaded systems
!    7. Add support for Named Pipes within the afs filesystem
!       (This is not currently a supported feature of AFS; it will require 
!       changes to the servers as well as the clients.)
!    8. Re-write afscreds.exe to support:
           1. choosing between Kerberos 5 and Kerberos 4 on a per principal basis
           2. providing users with the ability to map multiple cells to a single principal
           3. providing change password functionality on a per principal basis
           4. no longer include drive mapping
           5. configuration of afscreds startup options in shortcut
!    9. Re-write afs_config.exe to be only "per user" functionality which does not require admin 
!       privileges
           1. default cell and principal for the user
           2. drive mappings
           3. visibility of afs creds and setting of afs creds startup options
!   10. Create new afs_admin.exe tool to be installed in the administrator folder (or use MMS) 
!       which contains
           1. afs client service cell name
           2. integrated logon configuration
           3. Gateway configuration
***************
*** 167,177 ****
          11. network configuration
          12. miscellaneous
          13. need to add support for all of the new registry values since 1.2.8
!   15. Identify why 16-bit DOS applications executed out of AFS fail
!   16. Create new Windows Security Group to which users can be added for them to become AFS Client Administrators
!   17. Add support for configurable Icon file representing AFS folders within the Explorer Shell
!   18. Documentation Documentation Documentation
!   19. Large File support (> 2GB)
!   20. Integrate KFW installation into the NSIS installer
!   21. Fix High Security mode (prevents SMB shares from being shared by more than one session)
! 
--- 173,190 ----
          11. network configuration
          12. miscellaneous
          13. need to add support for all of the new registry values since 1.2.8
!   11. Identify why 16-bit DOS applications executed out of AFS fail
!   12. Create new Windows Security Group to which users can be added for them to become AFS 
!       Client Administrators
!   13. Add support for configurable Icon file representing AFS folders within the Explorer Shell
!   14. Documentation Documentation Documentation
!   15. Large File support (> 2GB)
!   16. Integrate KFW installation into the NSIS installer
!   17. Add support for record locking to AFS (requires changes to the servers)
!   18. Unicode enable the SMB/CIFS server.  OEM Code Pages: 
!       1. prevent the use of interoperable file names
!       2. force the use of paths no longer than 256 characters
!       3. force share names to be no longer than 13 characters
!       4. restrict authentication to ASCII only names and passwords
!   19. Complete implementation of CIFS Remote Administration Protocol
!   20. Identify and correct the problems with Microsoft Office applications
Index: openafs/doc/txt/winnotes/registry.txt
diff -c openafs/doc/txt/winnotes/registry.txt:1.5 openafs/doc/txt/winnotes/registry.txt:1.14
*** openafs/doc/txt/winnotes/registry.txt:1.5	Sat Jun  5 14:59:41 2004
--- openafs/doc/txt/winnotes/registry.txt	Thu Jul 22 18:15:37 2004
***************
*** 1,8 ****
  
! Registry keys used in the Windows AFS Client
! --------------------------------------------
  
! This file describes the registry keys used in the Windows AFS clients.
  
  1. Service parameters
  ---------------------
--- 1,8 ----
  
! Registry keys and Environment Variables used in the Windows AFS Client
! ----------------------------------------------------------------------
  
! REGISTRY KEYS:
  
  1. Service parameters
  ---------------------
***************
*** 264,269 ****
--- 264,278 ----
    The provides an opportunity for at least one retry.
  
  
+ Value  : TraceOption
+ Type   : DWORD {0, 1, 2, 3}
+ Default : 0
+ 
+   Enables logging of debug output to the Windows Event Log.
+   Bit 0 enables logging of "Logon Events" processed by the Network Provider
+   and Winlogon Event Notification Handler.  
+   Bit 1 enables logging of events captured by the AFS Client Service.
+ 
  Value   : AllSubmount
  Type    : DWORD {0, 1}
  Default : 1
***************
*** 280,285 ****
--- 289,336 ----
    Disables the attempt to identity the network adapter to use by 
    looking for an adapter with a display name of "AFS".
  
+ Value   : MaxCPUs
+ Type    : DWORD {1..32} or {1..64} depending on the architecture
+ Default : <no default>
+ 
+   If this value is specified, afsd_service.exe will restrict itself
+   to executing on the specified number of CPUs if there are a greater
+   number installed in the machine.  
+ 
+   NOTE: Setting this entry to "1" may be required on hyperthreaded 
+   systems to avoid crashes in the RX library.
+ 
+ Value   : smbAuthType
+ Type    : DWORD {0..2} 
+ Default : 2
+ 
+   If this value is specified, it defines the type of SMB authentication    
+   which must be present in order for the Windows SMB client to connect
+   to the AFS Client Service's SMB server.  The values are:
+     0 = No authentication required
+     1 = NTLM authentication required
+     2 = Extended (GSS SPNEGO) authentication required
+   The default is Extended authentication
+ 
+ Value   : MaxLogSize
+ Type    : DWORD {0 .. MAXDWORD}
+ Default : 100K
+ 
+   This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log 
+   file.  If the file is larger than this value when afsd_service.exe starts
+   the file will be reset to 0 bytes.  If this value is 0, it means the file
+   should be allowed to grow indefinitely.
+ 
+ 
+ Regkey:
+ [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
+ 
+ Value   : <Drive Letter:> for example "G:"
+ Type    : SZ
+ 
+     Specifies the submount name to be mapped by afsd_service.exe at startup
+     to the provided drive letter.
+ 
  
  
  Regkey:
***************
*** 288,294 ****
  
  2. Network provider parameters
  ------------------------------
! Affects the network provider (aklogon.dll).
  
  Regkey:
  [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
--- 339,345 ----
  
  2. Network provider parameters
  ------------------------------
! Affects the network provider (afslogon.dll).
  
  Regkey:
  [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
***************
*** 310,316 ****
  
  Value   : AuthentProviderPath
  Type    : REG_SZ
! NSIS    : <install path>\afslogon.dll
  
    Specifies the install location of the authentication provider dll.
  
--- 361,367 ----
  
  Value   : AuthentProviderPath
  Type    : REG_SZ
! NSIS    : %WINDIR%\SYSTEM32\afslogon.dll
  
    Specifies the install location of the authentication provider dll.
  
***************
*** 337,360 ****
    depends.  Windows should not attempt to start the AFS Client Service
    until all of the specified services have successfully started.
    
- Value   : LogonOptions
- Type    : DWORD
- NSIS    : depends on user configuration
- 
-   0x00 - Integrated Logon is not used
-   0x01 - Integrated Logon is used
-   0x02 - High Security Mode is used
-   0x03 - Integrated Logon with High Security Mode is used
- 
-   High Security Mode generates random SMB names for the creation of
-   Drive Mappings.  This mode should not be used without Integrated Logon.
- 
- Value   : LogonScript
- Type    : REG_SZ
- NSIS    : <install path>\afscreds.exe -:%s -x
- 
-   Specifies the command to be executed at the end of successful logon.
- 
  Value   : Name
  Type    : REG_SZ
  NSIS    : "OpenAFSDaemon"
--- 388,393 ----
***************
*** 363,377 ****
  
  Value   : ProviderPath
  Type    : REG_SZ
! NSIS    : <install path>\afslogon.dll
  
    Specifies the DLL to use for the network provider
  
- Value   : VerboseLogging
- Type    : DWORD
- NSIS    : 0x0a
  
!   Determines the level of logging to be enabled
  
  
  3. AFS Credentials System Tray Tool parameters
--- 396,565 ----
  
  Value   : ProviderPath
  Type    : REG_SZ
! NSIS    : %WINDIR%\SYSTEM32\afslogon.dll
  
    Specifies the DLL to use for the network provider
  
  
! Regkey:
! [HKLM\SOFTWARE\OpenAFS\Client]
! 
! Value   : CellServDBDir
! Type	: REG_SZ
! Default : <not defined>
! 
!   Specifies the directory containing the CellServDB file.
!   When this value is not specified, the AFS Client install
!   directory is used.
! 
! 
! 
! 2.1 Domain specific configuration keys for the Network Provider
! ---------------------------------------------------------------
! 
! The network provider can be configured to have different behavior
! depending on the domain that the user logs into.  These settings are
! only relevant when using integrated login.  A domain refers to an
! Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
! local machine (i.e. local account logins).  The domain name that is
! used for selecting the domain would be the domain that is passed into
! the NPLogonNotify function of the network provider.
! 
! Domain specific registry keys are :
! 
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
!   (NP key)
! 
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
!   (Domains key)
! 
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
!   (Specific domain key. One per domain.)
! 
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
!   (Localhost key)
! 
! eg:
!  HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
!   |
!   +- Domain
!      +-AD1.EXAMPLE.COM
!      +-AD2.EXAMPLE.NET
!      +-LOCALHOST
! 
! Each of the domain specific keys can have the set of values described
! in 2.1.1.  The effective values are chosen as described in 2.1.2.
! 
! 2.1.1  Domain specific configuration values
! -------------------------------------------
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
! [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
! 
!   Value   : LogonOptions
!   Type    : DWORD
!   Default : 0x01
!   NSIS/WiX: depends on user configuration
! 
!   0x00 - Integrated Logon is not used
!   0x01 - Integrated Logon is used
!   0x02 - High Security Mode is used
!   0x03 - Integrated Logon with High Security Mode is used
! 
!   High Security Mode generates random SMB names for the creation of
!   Drive Mappings.  This mode should not be used without Integrated Logon.
! 
!   As of 1.3.65 the SMB server supports SMB authentication.  The High
!   Security Mode should not be used when using SMB authentication
!   (SMBAuthType setting is non zero).
! 
!   Value   : FailLoginsSilently
!   Type    : DWORD (1|0)
!   Default : 0
!   NSIS/WiX: (not set)
! 
!      If true, does not display any visible warnings in the event of an
!      error during the integrated login process.
! 
!   Value   : LogonScript
!   Type    : REG_SZ or REG_EXPAND_SZ
!   Default : (null)
!   NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
! 
!      A logon script that will be scheduled to be run after the profile
!      load is complete.  If using the REG_EXPAND_SZ type, you can use
!      any system environment variable as "%varname%" which would be
!      expanded at the time the network provider is run.  Optionally
!      using a "%s" in the value would result in it being expanded into
!      the AFS SMB username for the session.
! 
!   Value   : LoginRetryInterval
!   Type    : DWORD
!   Default : 30
!   NSIS/WiX: (not set)
! 
!      If the OpenAFS client service has not started yet, the network
!      provider will wait for a maximum of "LoginRetryInterval" seconds
!      while retrying every "LoginSleepInterval" seconds to check if the
!      service is up.
! 
!   Value   : LoginSleepInterval
!   Type    : DWORD
!   Default : 5
!   NSIS/WiX: (not set)
! 
!      See description of LoginRetryInterval.
! 
! 
! 2.1.2  Selection of effective values for domain specific configuration
! ----------------------------------------------------------------------
! 
!   During login to domain X, where X is the domain passed into
!   NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
!   'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
!   computer, the following keys will be looked up.
! 
!     1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
!     2. Domains key. (NP key\"Domain")
!     3. Specific domain key. (Domains key\X)
! 
!   If the specific domain key does not exist, then the domains key will
!   be ignored.  All the configuration information in this case will
!   come from the NP key.
! 
!   If the specific domain key exists, then for each of the values
!   metioned in (2), they will be looked up in the specific domain key,
!   domains key and the NP key successively until the value is found.
!   The first instance of the value found this way will be the effective
!   for the login session.  If no such instance can be found, the
!   default will be used.  To re-iterate, a value in a more specific key
!   supercedes a value in a less specific key.  The exceptions to this
!   rule are stated below.
! 
! 2.1.3  Exceptions to 2.1.2
! --------------------------
! 
!   To retain backwards compatibility, the following exceptions are made
!   to 2.1.2.
! 
! 2.1.3.1 'FailLoginsSilently'
! 
!   Historically, the 'FailLoginsSilently' value was in
!   HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
!   key and not in the NP key.  Therefore, for backwards compatibility,
!   the value in the Parameters key will supercede all instances of this
!   value in other keys.  In the absence of this value in the Parameters
!   key, normal scope rules apply.
! 
! 2.1.3.2 'LogonScript'
! 
!   If a 'LogonScript' is not specified in the specific domain key nor
!   in the domains key, the value in the NP key will only be checked if
!   the effective 'LogonOptions' specify a high security integrated
!   login.  If a logon script is specified in the specific domain key or
!   the domains key, it will be used regardless of the high security
!   setting.  Please be aware of this when setting this value.
  
  
  3. AFS Credentials System Tray Tool parameters
***************
*** 432,437 ****
--- 620,649 ----
  
  
  Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client]
+ 
+ Value   : Authentication Cell
+ Type    : REG_SZ
+ Default : <none>
+ Function: Afscreds.exe GetDefaultCell()
+ 
+   This value allows the user to configure a different cell name to
+   be used as the default cell when acquiring tokens in afscreds.exe
+ 
+ 
+ Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client]
+ 
+ Value   : Authentication Cell
+ Type    : REG_SZ
+ Default : <none>
+ Function: Afscreds.exe GetDefaultCell()
+ 
+   This value allows the user to configure a different cell name to
+   be used as the default cell when acquiring tokens in afscreds.exe
+ 
+ 
+ Regkey:
  [HKCU\SOFTWARE\OpenAFS\Client\Reminders]
  
  Value   : "afs cell name"
***************
*** 446,448 ****
--- 658,816 ----
    [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
  
  
+ Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+ 
+ Value   : "upper case drive letter"
+ Type    : DWORD {0, 1}
+ Default : <none>
+ 
+   These values are used to store the persistence state of the AFS 
+   drive mappings as listed in the [...\Client\Mappings] key
+ 
+   These values used to be stored in the afsdsbmt.ini file
+ 
+ Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+ 
+ Value   : "upper case drive letter"
+ Type    : REG_SZ
+ Default : <none>
+ 
+   These values are used to store the AFS path in Unix notation
+   to which the drive letter is to be mapped.
+ 
+   These values used to be stored in the afsdsbmt.ini file.
+ 
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+ 
+ Value   : "smb/cifs share name"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to map SMB/CIFS shares to Client Side Caching 
+     (off-line access) policies. For each share one of the following
+     policies may be used: "manual", "programs", "documents", "disable"
+ 
+     These values used to be stored in afsdsbmt.ini
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+ 
+ Value   : "numeric value"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to store newline terminated mount point strings 
+     for use in constructing the fake root.afs volume when Freelance
+     (dynamic roots) mode is activated.
+ 
+         "athena.mit.edu#athena.mit.edu:root.cell.\n"
+         ".athena.mit.edu%athena.mit.edu:root.cell.\n"
+ 
+     These values used to be stored in afs_freelance.ini
+ 
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+ 
+ Value   : "submount name"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to store mappings of unix style AFS paths
+     to submount names which can be referenced as UNC paths.
+     For example the submount string "/athena.mit.edu/user/j/a/jaltman"
+     can be associated with the submount name "jaltman.home".
+     This can then be referenced as the UNC path \\AFS\jaltman.home.
+ 
+     These values used to be stored in afsdsbmt.ini
+ 
+ 
+ Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+ 
+ Value   : "upper case drive letter"
+ Type    : DWORD {0, 1}
+ Default : <none>
+ 
+   These values are used to store the persistence state of the AFS 
+   drive mappings as listed in the [...\Client\Mappings] key
+ 
+   These values used to be stored in the afsdsbmt.ini file
+ 
+ Regkey:
+ [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+ 
+ Value   : "upper case drive letter"
+ Type    : REG_SZ
+ Default : <none>
+ 
+   These values are used to store the AFS path in Unix notation
+   to which the drive letter is to be mapped.
+ 
+   These values used to be stored in the afsdsbmt.ini file.
+ 
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+ 
+ Value   : "smb/cifs share name"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to map SMB/CIFS shares to Client Side Caching 
+     (off-line access) policies. For each share one of the following
+     policies may be used: "manual", "programs", "documents", "disable"
+ 
+     These values used to be stored in afsdsbmt.ini
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+ 
+ Value   : "numeric value"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to store newline terminated mount point strings 
+     for use in constructing the fake root.afs volume when Freelance
+     (dynamic roots) mode is activated.
+ 
+         "athena.mit.edu#athena.mit.edu:root.cell.\n"
+         ".athena.mit.edu%athena.mit.edu:root.cell.\n"
+ 
+     These values used to be stored in afs_freelance.ini
+ 
+ 
+ Regkey:
+ [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+ 
+ Value   : "submount name"
+ Type    : REG_SZ
+ Default : <none>
+ 
+     This key is used to store mappings of unix style AFS paths
+     to submount names which can be referenced as UNC paths.
+     For example the submount string "/athena.mit.edu/user/j/a/jaltman"
+     can be associated with the submount name "jaltman.home".
+     This can then be referenced as the UNC path \\AFS\jaltman.home.
+ 
+     These values used to be stored in afsdsbmt.ini
+ 
+ 
+ ENVIRONMENT VARIABLES:
+ 
+ Variable: AFS_RPC_ENCRYPT 
+ Values:   "OFF" disables the use of RPC encryption
+           any other value allows RPC encryption to be used
+ Default:  RPC encryption is on
+ 
+ 
+ Variable: AFS_RPC_PROTSEQ
+ Values:   "ncalrpc"  - local RPC 
+           "ncacn_np" - named pipes
+           "ncacn_ip_tcp" - tcp/ip
+ Default:  local RPC
+ 
