Index: openafs/doc/html/AdminGuide/auagd024.htm
diff -c openafs/doc/html/AdminGuide/auagd024.htm:1.1 openafs/doc/html/AdminGuide/auagd024.htm:1.2
*** openafs/doc/html/AdminGuide/auagd024.htm:1.1	Wed Jun  6 14:09:08 2001
--- openafs/doc/html/AdminGuide/auagd024.htm	Thu Jul 29 00:29:33 2004
***************
*** 87,93 ****
  cache.
  <P><LI>cacheFlushes: Number of files flushed from cache.
  <P><LI>cacheFilesReused: Number of cache files reused.
! <P><LI>ProtServerAddr: Address of Protection Server used.
  <P><LI>vcacheXAllocs: Additionally allocated vcaches.
  <P><LI>bufAlloced: Number of buffers allocated by AFS.
  <P><LI>bufHits: Number of pages found on buffer cache.
--- 87,93 ----
  cache.
  <P><LI>cacheFlushes: Number of files flushed from cache.
  <P><LI>cacheFilesReused: Number of cache files reused.
! <P><LI>dcacheXAllocs: Additionally allocated dcaches.
  <P><LI>vcacheXAllocs: Additionally allocated vcaches.
  <P><LI>bufAlloced: Number of buffers allocated by AFS.
  <P><LI>bufHits: Number of pages found on buffer cache.
***************
*** 991,996 ****
--- 991,997 ----
  operations.
  <P><LI>CallBack_ops_max: Maximum execution time observed for CallBack
  operations.
+ <P><LI>CallBack_ops_sqr: Sum of the square of CallBack operations executed.
  <P><LI>InitCallBackState_ops: Number of InitCallBackState operations
  executed.
  <P><LI>InitCallBackState_ops_ok: Number of successful InitCallBackState
***************
*** 1001,1006 ****
--- 1002,1009 ----
  InitCallBackState operations.
  <P><LI>InitCallBackState_ops_max: Maximum execution time observed for
  InitCallBackState operations.
+ <P><LI>InitCallBackState_ops_sqr: Sum of squares of timings for InitCallBackState
+ operations.
  <P><LI>Probe_ops: Number of Probe operations executed.
  <P><LI>Probe_ops_ok: Number of successful Probe operations.
  <P><LI>Probe_ops_sum: Sum of timings for Probe operations.
***************
*** 1008,1013 ****
--- 1011,1017 ----
  operations.
  <P><LI>Probe_ops_max: Maximum execution time observed for Probe
  operations.
+ <P><LI>Probe_ops_sqr: Sum of squares of timings for Probe operations.
  <P><LI>GetLock_ops: Number of GetLock operations executed.
  <P><LI>GetLock_ops_ok: Number of successful GetLock operations.
  <P><LI>GetLock_ops_sum: Sum of timings for GetLock operations.
***************
*** 1015,1020 ****
--- 1019,1025 ----
  operations.
  <P><LI>GetLock_ops_max: Maximum execution time observed for GetLock
  operations.
+ <P><LI>GetLock_ops_sqr: Sum of squares of timings for GetLock operations.
  <P><LI>GetCE_ops: Number of GetCE operations executed.
  <P><LI>GetCE_ops_ok: Number of successful GetCE operations.
  <P><LI>GetCE_ops_sum: Sum of timings for GetCE operations.
***************
*** 1022,1027 ****
--- 1027,1033 ----
  operations.
  <P><LI>GetCE_ops_max: Maximum execution time observed for GetCE
  operations.
+ <P><LI>GetCE_ops_sqr: Sum of squares of timings for GetCE operations.
  <P><LI>XStatsVersion_CM_ops: Number of XStatsVersion operations
  executed.
  <P><LI>XStatsVersion_CM_ops_ok: Number of successful XStatsVersion
***************
*** 1032,1037 ****
--- 1038,1045 ----
  XStatsVersion operations.
  <P><LI>XStatsVersion_CM_ops_max: Maximum execution time observed for
  XStatsVersion operations.
+ <P><LI>XStatsVersion_CM_ops_sqr: Sum of squares of timings for XStatsVersion
+ operations.
  <P><LI>GetXStats_CM_ops: Number of GetXStats operations executed.
  <P><LI>GetXStats_CM_ops_ok: Number of successful GetXStats
  operations.
***************
*** 1041,1046 ****
--- 1049,1056 ----
  operations.
  <P><LI>GetXStats_CM_ops_max: Maximum execution time observed for GetXStats
  operations.
+ <P><LI>GetXStats_CM_ops_sqr: Sum of squares of timings for GetXStats
+ operations.
  </UL>
  <P><H3><A NAME="Header_711" HREF="auagd002.htm#ToC_711">Authentication and Replicated File Access Section (Auth_Access_section)</A></H3>
  <P>Authentication Information for Cache Manager Group (Auth_Stats_group)
Index: openafs/doc/html/AdminReference/auarf052.htm
diff -c openafs/doc/html/AdminReference/auarf052.htm:1.1 openafs/doc/html/AdminReference/auarf052.htm:1.3
*** openafs/doc/html/AdminReference/auarf052.htm:1.1	Wed Jun  6 14:09:11 2001
--- openafs/doc/html/AdminReference/auarf052.htm	Thu Jul 29 00:17:02 2004
***************
*** 54,66 ****
  <B>afsmonitor</B> program passes as arguments to the
  <VAR>cmd_to_execute</VAR> command. If any of them include one or more
  spaces, enclose the entire field in double quotes.
  <P>The parameters <B>fs</B>, <B>cm</B>, <VAR>field_name</VAR>,
  <VAR>threshold_val</VAR>, and <VAR>arg</VAR><SUB>1</SUB> through
  <VAR>arg</VAR><SUB>n</SUB> correspond to the values with the same name on the
  <B>thresh</B> line. The <VAR>host_name</VAR> parameter identifies the
  file server or client machine where the statistic has crossed the threshold,
  and the <VAR>actual_val</VAR> parameter is the actual value of
! <VAR>field_name</VAR> that equals or exceeds the threshold value.
  <P>Use the <B>thresh</B> line to set either a global threshold, which
  applies to all file server machines listed on <B>fs</B> lines or client
  machines listed on <B>cm</B> lines in the configuration file, or a
--- 54,72 ----
  <B>afsmonitor</B> program passes as arguments to the
  <VAR>cmd_to_execute</VAR> command. If any of them include one or more
  spaces, enclose the entire field in double quotes.
+ <p>The <b>afsmonitor</b> program passes the following parameters to the
+ <var>cmd_to_execute</var>&#58;
+ <p><dt><b><var>host_name</var> fs|cm <var>field_name</var>
+ <var>threshold_val</var>
+ <var>actual_val</var> [&lt;<var>arg</var><sub>1</sub>>]
+ . . . [&lt;<var>arg</var><sub>n</sub>>]</b>
  <P>The parameters <B>fs</B>, <B>cm</B>, <VAR>field_name</VAR>,
  <VAR>threshold_val</VAR>, and <VAR>arg</VAR><SUB>1</SUB> through
  <VAR>arg</VAR><SUB>n</SUB> correspond to the values with the same name on the
  <B>thresh</B> line. The <VAR>host_name</VAR> parameter identifies the
  file server or client machine where the statistic has crossed the threshold,
  and the <VAR>actual_val</VAR> parameter is the actual value of
! <VAR>field_name</VAR> that exceeds the threshold value.
  <P>Use the <B>thresh</B> line to set either a global threshold, which
  applies to all file server machines listed on <B>fs</B> lines or client
  machines listed on <B>cm</B> lines in the configuration file, or a
Index: openafs/doc/html/AdminReference/auarf059.htm
diff -c openafs/doc/html/AdminReference/auarf059.htm:1.1 openafs/doc/html/AdminReference/auarf059.htm:1.2
*** openafs/doc/html/AdminReference/auarf059.htm:1.1	Wed Jun  6 14:09:11 2001
--- openafs/doc/html/AdminReference/auarf059.htm	Thu Jul 29 00:03:31 2004
***************
*** 41,47 ****
  operations. It allows the issuer to monitor, from a single location, a
  wide range of File Server and Cache Manager operations on any number of
  machines in both local and foreign cells.
! <P>There are 271 available File Server statistics and 570 available Cache
  Manager statistics, listed in the appendix about <B>afsmonitor</B>
  statistics in the <I>IBM AFS Administration Guide</I>. By default,
  the command displays all of the relevant statistics for the file server
--- 41,47 ----
  operations. It allows the issuer to monitor, from a single location, a
  wide range of File Server and Cache Manager operations on any number of
  machines in both local and foreign cells.
! <P>There are 271 available File Server statistics and 571 available Cache
  Manager statistics, listed in the appendix about <B>afsmonitor</B>
  statistics in the <I>IBM AFS Administration Guide</I>. By default,
  the command displays all of the relevant statistics for the file server
Index: openafs/doc/txt/winnotes/afs-changes-since-1.2.txt
diff -c openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.8 openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.13.2.1
*** openafs/doc/txt/winnotes/afs-changes-since-1.2.txt:1.8	Mon Jul 26 19:24:09 2004
--- openafs/doc/txt/winnotes/afs-changes-since-1.2.txt	Tue Aug 10 00:10:44 2004
***************
*** 1,3 ****
--- 1,71 ----
+ Since 1.3.66:
+    * file and directory names beginning with "." will now be given the
+      hidden attribute when the volume access is anonymous.  this matches
+      the behavior when the volume access is via an authenticated user.
+ 
+    * Added a change monitor to the HKLM\SOFTWARE\OpenAFS\Client\Freelance
+      key.  When a change occurs mark the root.afs data as invalid and
+      for it to be reloaded on the next access.  This allows administrators
+      to modify the mount point list without restarting the service.
+      
+      The freelance client used to provide a fake modification time for
+      the root.afs volume data and its mount points of 7/09/2001 14:24 EDT.
+      Added code to extract the last modification time of the Freelance
+      registry key and use that instead.  The time now represents the 
+      most recent mount point change.
+ 
+    * PTS registration of new users to foreign cells has been added to 
+      aklog.exe
+ 
+    * Additional Cache Control and Credential Manager options have been
+      added to the WiX installer.  See deployment guide for details.
+ 
+    * The CachePath setting is now optionally a REG_EXPAND_SZ type
+   
+    * The WiX installer has been upgraded.  Version 2.0.1927.1 is now 
+      required.
+ 
+    * The loopback installation code may have had a problem updating the
+      %ETC%\HOSTS file which could have resulted in a premature failure.
+      Work around code has been added for the case where the file cannot
+      be deleted.
+ 
+    * The default max chunksize was increased from 15 (32K) to 17 (128K)
+      because Windows sends 64K blocks when using overlapped writes.
+ 
+    * The default number of server threads was increased from 4 to 25 to
+      better handle overlapped writes.  
+ 
+    * The "AfscredsShortcutParams" registry value was not being properly
+      loaded by afscreds.exe.  Therefore, the default value was always being
+      used instead of the value set by the installer.
+ 
+    * Windows XP provides downgrade attack detection to prevent an attacker
+      from being able to force the use of NTLM simply by disrupting 
+      communication with the KDC.  This attack cannot exist between the 
+      Windows CIFS client and the AFS Client Service.  Therefore, when a
+      downgrade has been detected the afs pioctl library will force the 
+      establishment of a new CIFS connection using NTLM.
+  
+    * A locking error was discovered surrounding all references to volume
+      server lists within the cm_cell.c source file. 
+ 
+    * The logged into Windows username was incorrect on Terminal Server
+      machines.
+ 
+    * A new registry value "NonPersistentCaching" was added to the service
+      parameters key.  When set to a non-zero value, the afs cache is stored
+      in the Windows paging file.  There are two limitations to choosing
+      this option: 
+         1. when persistent caching is implemented it won't work with 
+            this flag set since there will be nothing to persist.
+         2. with this flag set the initial paging allocation cannot be
+            changed while the service is running
+ 
+    * An initialization bug was discovered in aklog.exe which affected users
+      who have a domain name for their afs servers which could not be mapped
+      to a realm
+ 
  Since 1.3.65:
     * afs_config.exe now validates cell names against DNS in addition
       to the CellServDB file.
***************
*** 63,69 ****
       user's profile is not loaded from within AFS.  If the profile 
       was loaded from AFS we can't release the tokens since the Logoff
       event is triggered prior to the profile being written back to 
!      the its source location.
  
     * Windows XP SP2 Internet Connection Firewall interoperability
       has been added.
--- 131,138 ----
       user's profile is not loaded from within AFS.  If the profile 
       was loaded from AFS we can't release the tokens since the Logoff
       event is triggered prior to the profile being written back to 
!      the its source location.  This is now performed in an XP SP2 
!      safe manner.
  
     * Windows XP SP2 Internet Connection Firewall interoperability
       has been added.
Index: openafs/doc/txt/winnotes/afs-install-notes.txt
diff -c openafs/doc/txt/winnotes/afs-install-notes.txt:1.7 openafs/doc/txt/winnotes/afs-install-notes.txt:1.11.2.1
*** openafs/doc/txt/winnotes/afs-install-notes.txt:1.7	Sun Jul 25 16:53:09 2004
--- openafs/doc/txt/winnotes/afs-install-notes.txt	Tue Aug 10 00:10:44 2004
***************
*** 11,16 ****
--- 11,17 ----
  series but also attempts to enhance the functionality of the product to better 
  fit the usage model of today's users.  Several items standout.  
  
+ 
  1. The Kerberos 4 infrastructure on which the 1.2 series is reliant is no 
  longer secure.  Cross-realm Kerberos is very important in the AFS context and 
  most sites have or are migrating to Kerberos 5 environments.  The 1.3 series 
***************
*** 18,42 ****
  5 functionality including the ability to auto-renew credentials and obtain 
  single sign-on capabilities with the Microsoft Windows Kerberos Logon Service.
  
! The 1.3.65 OpenAFS client will directly use Kerberos 5 tickets as tokens if 
! KFW is installed.  It requires that all of the AFS Servers which it 
! communicates support Kerberos 5 tickets.  This requires that all servers 
! be running OpenAFS release 1.2.8 or higher.  Transarc servers do not support
! Kerberos 5 tickets as tokens.
! 
! When using a Microsoft Windows Active Directory as your KDC for the AFS cell 
! extremely large tickets may be issued.  If this is your situation you either 
! must modify your 1.2.x servers to support tokens larger than a few hundred 
! bytes; or install the 1.3.64 or higher release on your servers.
  
  2. The AFS Client Service does not provide robust behavior in an environment 
  with a plug-n-play network environment.  Changes to the number of network 
! adapters or the assigned IP addresses will cause the client to panic.  The 
! recommended work around for this problem is to install on the machine the 
! Microsoft Loopback Adapter.  When the MLA is installed with a static IP 
! address the AFS Client Service will bind only to the loopback and not be 
! affected by changes to state of other network adapters installed on the 
! system.  
  
  Starting in the 1.3.65 release the installers provided by OpenAFS.org will 
  install the Microsoft Loopback Adapter for you with a name of "AFS" and a 
--- 19,48 ----
  5 functionality including the ability to auto-renew credentials and obtain 
  single sign-on capabilities with the Microsoft Windows Kerberos Logon Service.
  
! As of 1.3.65, the OpenAFS client will directly use Kerberos 5 tickets as tokens if 
! KFW is installed.  The client requires that all of the AFS Servers with which it 
! communicates support the use of Kerberos 5 tickets as tokens (aka 2b tokens).
! This means that all of the AFS servers must be running OpenAFS release 1.2.8 or 
! higher.  Transarc servers do not support Kerberos 5 tickets as tokens.
! 
! When using a Microsoft Windows Active Directory as the KDC which issues the 
! service ticket for the AFS cell there are two things to consider.  First, the 
! Kerberos 5 tickets issued by Active Directory can be quite large when compared 
! to tickets issued by a traditional KDC due to the incorporation of 
! authorization data in the PAC.  If this is your situation you either must 
! modify your 1.2.x servers to support tokens larger than a few hundred bytes; 
! or install the 1.3.64 or higher release on your servers.  Second, Windows 2003 
! Active Directory will issue service tickets utilizing the DES-CBC-MD5 enctype. 
! OpenAFS releases older than 1.3.64 will not properly support this enctype.
! 
  
  2. The AFS Client Service does not provide robust behavior in an environment 
  with a plug-n-play network environment.  Changes to the number of network 
! adapters or the assigned IP addresses will cause the service to panic.  The 
! recommended work around for this problem is to install the Microsoft Loopback 
! Adapter on the machine.  When the MLA is installed with a static IP address 
! the AFS Client Service will bind only to the loopback and not be affected by 
! changes to state of other network adapters installed on the system.  
  
  Starting in the 1.3.65 release the installers provided by OpenAFS.org will 
  install the Microsoft Loopback Adapter for you with a name of "AFS" and a 
***************
*** 48,90 ****
  is in use, the NETBIOS name associated with the AFS Client Service is simply 
  "AFS".  When the MLA is not in use the NETBIOS name is "MACHINE-AFS".
  
! With the MLA installed, UNC paths of the form \\AFS\cellname\path may be used.
  
! 3. When the AFS Client Service starts it must be able to contact the root.afs 
! volume of the default cell.  If the root.afs volume is not accessible when the 
! client service is started, the service will panic.  Since many users now use 
! laptops or otherwise operate in disconnected environments in which a VPN may 
! be needed to access the cell's servers, it is often the case that the root.afs 
! volume for the default cell will not be reachable and the client service 
! cannot successfully start. 
   
! In the 1.3.65 release there is support for a fake root.afs volume which is 
! dynamically constructed when the afs client service starts. This is called 
! Freelance mode.  Freelance mode is turned on by default in the OpenAFS.org 
! installers.  
! 
! A couple of notes about Freelance mode.  First, since the fake root.afs volume 
! is constructed on the fly, when it is first used the only mount points will
! be for the default afs cell.  Do not be concerned.  Any attempt to access a 
! valid cell name will automatically result in a new read-only mount point 
! being created in the fake root.afs volume.  These mount points are preserved 
! between service starts in the HKLM\SOFTWARE\OpenAFS\Client\Freelance registry
! key.
! 
! As of 1.3.70, Freelance mode supports read-write mount points in the fake
! root.afs volume.  In addition, if the mount point list is empty, mount points
! for "cellname" (ro) and ".cellname" (rw) will be automatically generated.
  
! 4. The OpenAFS for Windows client will make use of AFSDB DNS records to 
  discover cell information when it is not located in the local CellServDB file 
  (\Program Files\OpenAFS\Client\CellServDB).
  
- 5. OpenAFS for Windows 1.3.65 only supports Windows 2000, Windows XP, and 
- Windows 2003.  Windows NT 4.0 and the entire Windows 9x/Me line are not 
- supported.  If OpenAFS for Windows runs on those platforms it is by sheer 
- luck.
  
! 6. OpenAFS for Windows installs a Network Provider for use in supporting an 
  Integrated Logon (Single Sign-on) functionality. Integrated Logon can be used 
  when the Windows username and password match the username and password 
  associated with the default cell's Kerberos realm.  For example, if the 
--- 54,111 ----
  is in use, the NETBIOS name associated with the AFS Client Service is simply 
  "AFS".  When the MLA is not in use the NETBIOS name is "MACHINE-AFS".
  
! When the MLA is installed, UNC paths of the form \\AFS\cellname\path may be used.
! 
  
! 3. Traditionally, when the AFS Client Service starts it must be able to 
! access the "root.afs" volume of the default cell.  The "root.afs" volume
! contains a set of read-only and read-write mount points to the "root.cell"
! volumes of various cells the administrator of the default cell believes
! should be accessible.  If the "root.afs" volume is 
! inaccessible when the client service is started, the service will panic.  
! Since many users now use laptops or otherwise operate in disconnected 
! environments in which a VPN may be needed to access the cell's servers, it is 
! often the case that the "root.afs" volume for the default cell is not 
! reachable and the AFS Client Service will not successfully start. 
   
! The OpenAFS Client Service now supports a fake "root.afs" volume which is 
! dynamically constructed when the service starts.  This mode is called 
! Freelance mode.  Freelance mode is turned on by default.
! 
! The contents of the
! fake "root.afs" volume are constructed dynamically as cells are accessed.
! When the fake "root.afs" volume is constructed it will only contain two
! mount points: a read-only and read-write mount point used to access the
! "root.cell" volume of the default AFS cell.  Any attempt to access a 
! valid cell name will automatically result in a new mount point 
! being created in the fake "root.afs" volume.  If the cellname begins with
! a "." the mount point will be read-write; otherwise the mount point will
! be read-only.  These mount points are preserved in the registry at key:
!   HKLM\SOFTWARE\OpenAFS\Client\Freelance
! 
! Additional mount points may be manually created using the "fs mkmount"
! command.  Mount points may be removed using the "fs rmmount" command.
! 
!     fs mkmount \\AFS\all\athena.mit.edu root.cell athena.mit.edu
!     fs mkmount \\AFS\all\.athena.mit.edu root.cell athena.mit.edu -rw
!     fs rmmount \\AFS\all\athena.mit.edu
!     fs rmmount \\AFS\all\.athena.mit.edu
!      
  
! 4. The OpenAFS for Windows client will use AFSDB DNS records to 
  discover cell information when it is not located in the local CellServDB file 
  (\Program Files\OpenAFS\Client\CellServDB).
  
  
! 5. OpenAFS for Windows 1.3.70 only supports Windows 2000, Windows XP, and 
! Windows 2003.  Windows NT 4.0 and the entire Windows 9x/Me line are no
! longer supported.  Older releases of OpenAFS are available for download
! if those operating systems must be supported.  The last version with support
! for Win9x is 1.2.2b.  The last version with support for Windows NT 4.0 is
! 1.2.10.
! 
! 
! 6. OpenAFS for Windows installs a WinLogon Network Provider to provide
  Integrated Logon (Single Sign-on) functionality. Integrated Logon can be used 
  when the Windows username and password match the username and password 
  associated with the default cell's Kerberos realm.  For example, if the 
***************
*** 109,114 ****
--- 130,146 ----
  Authenticated SMB connections which removes the need for High Security mode. 
  DO NOT USE IT!!!!! 
  
+ What Integrated Logon does not do:
+  (a) Integrated Logon does not have the ability to obtain Kerberos 5
+      tickets for use during the Windows Session.  At the current time there
+      is no mechanism by which a Kerberos 5 CCAPI credentials cache can
+      be constructed during the logon process such that it will exist in 
+      the user's logon session.
+  (b) Integrated Logon does not have the ability to cache the user's 
+      username and password for the purpose of obtaining tokens if the
+      Kerberos KDC is inaccessible at logon time.
+ 
+ 
  7. The AFS Systray tool (afscreds.exe) supports several new command line 
  options: 
  
***************
*** 118,138 ****
      -Z = unmap drives
  
  autoinit will result in automated attempts to acquire AFS tokens when 
! afscreds.exe is started.  When used in combination with ip address change 
! detection, afscreds.exe will attempt to acquire AFS tokens whenever a new IP 
! address is added to the system.
  
  The renew drive maps option is used to ensure that the user drive maps 
! constructs via the AFS tools (not NET USE) are re-constructed at afscreds.exe 
! start time.
  
  By default afscreds.exe is configured by the OpenAFS.org installers to use -A 
! -N -M as startup options.  Currently, there is no UI to change this selection 
! after install time although these options may be set via the registry either 
! per machine or per user.
  
! 8. Some attempts in the 1.3.65 release have been made to restrict the behavior 
! of users with regards to their ability to alter the state of the AFS Client 
  Service.  For example, the following fs.exe commands are now restricted to 
  Administrator:
  
--- 150,174 ----
      -Z = unmap drives
  
  autoinit will result in automated attempts to acquire AFS tokens when 
! afscreds.exe is started.  afscreds.exe will attempt to utilize tickets stored
! in the MSLSA credentials cache; any existing CCAPI credentials cache; and
! finally display an Obtain Tokens dialog to the user.  When used in combination 
! with ip address change detection, afscreds.exe will attempt to acquire AFS 
! tokens whenever the IP address list changes and the Kerberos KDC is 
! accessible.
  
  The renew drive maps option is used to ensure that the user drive maps 
! constructed via the AFS tools (not NET USE) are re-constructed each time
! afscreds.exe is started.
  
  By default afscreds.exe is configured by the OpenAFS.org installers to use -A 
! -N -M -Q as startup options.  Currently, there is no UI to change this selection 
! after install time although these options may be altered via the registry either 
! per machine or per user.  See AfscredsShortcutParams in registry.txt.
! 
  
! 8. Some attempts have been made to restrict the ability  
! of users to alter the state of the AFS Client 
  Service.  For example, the following fs.exe commands are now restricted to 
  Administrator:
  
***************
*** 154,163 ****
  Some of the AFS Client Configuration Control Panel options are also restricted 
  to use by the "Administrator" account.
  
! 9. As of 1.3.65, the AFS Client should support UNC paths everywhere.
  
  10. The AFS Client ships with its own version of aklog.exe which should be 
! used in preference to those obtained by third party sources.
  
  Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
               [[-p | -path] pathname]
--- 190,206 ----
  Some of the AFS Client Configuration Control Panel options are also restricted 
  to use by the "Administrator" account.
  
! 
! 9. The AFS Client should support UNC paths everywhere.  Power users that make
! extensive use of the command line shell, cmd.exe, might want to consider using 
! JP Software's 4NT command processor.  Unlike cmd.exe, 4NT does fully support
! UNC paths and can use a UNC path as the default device.
! 
  
  10. The AFS Client ships with its own version of aklog.exe which should be 
! used in preference to those obtained by third party sources.  The OpenAFS
! aklog.exe supports Kerberos 5 as well as the ability to auto-generate
! pts IDs for user's obtaining tokens to foreign cells.
  
  Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]]
               [[-p | -path] pathname]
***************
*** 172,203 ****
        (default is Kerberos V)
     No commandline arguments means authenticate to the local cell.
  
! 11. The AFS Server functionality provided with OpenAFS 1.3.65 does work but 
! should be considered experimental.  It has not been thoroughly tested.
  
  12. The OpenAFS for Windows installers now include Symbol information which 
  should be installed if you are experiencing problems and need to send crash 
! reports.
  
- 13. OpenAFS for Windows does not support files larger than 2GB.
  
! 14. There are known problems running the AFS Client on Hyperthreaded 
! Pentium 4 machines.  As of 1.3.70, a registry entry may be created to specify
  that the AFS Client Service should only use a single processor.  If you have
! a hyperthreaded system it is strongly advised that this registry value be set.
! See "registry.txt" for details on the MaxCPUs value. 
  
! 15. OpenAFS for Windows currently requires the use of TCP based RPC. If the 
! machine is restricted to Local RPC only, you will be unable to store tokens.
! As of 1.3.70, Local RPC is used as the default RPC mechanism for setting 
! tokens.  TCP RPC is still used for debugging and other functions.
  
! 16. As of 1.3.70, OpenAFS for Windows automatically open ports in the Windows 
  Internet Connection Firewall.
  
  17. The OpenAFS for Windows installer by default activates a weak form of 
  encrypted data transfer between the AFS client and the AFS servers.  This
! is often referred to as "crypt" mode.
  
  18. OpenAFS 1.3.70 adds support for authenticated SMB connections using 
  either NTLM or GSS SPNEGO (NTLM, Kerberos 5, ...).  In previous versions
--- 215,269 ----
        (default is Kerberos V)
     No commandline arguments means authenticate to the local cell.
  
! 
! 11. The AFS Server functionality provided with OpenAFS 1.3.70 might work but 
! should be considered highly experimental.  It has not been thoroughly tested.
! Any data which would cause pain if lost should be stored in an OpenAFS 
! Server on Windows.
! 
! A few notes on the usage of the AFS Client Service if it is going to be 
! used with the OpenAFS AFS Server:
! 
! (a) When the AFS Server is installed Freelance mode must be turned off.  
! 
! (b) The AFS Server and related tools only support the built in kaserver
! (Kerberos IV).  If the AFS Server is being used, MIT Kerberos for Windows
! should not be used.
! 
  
  12. The OpenAFS for Windows installers now include Symbol information which 
  should be installed if you are experiencing problems and need to send crash 
! reports.  This is true in both the release and the debug versions of the 
! installers.  The differences between the release and debug versions are 
! whether or not the binaries were compiled with optimization; whether the
! debug symbols are installed by default; and whether additional debug 
! statements were compiled into the binaries.
  
  
! 13. OpenAFS for Windows does not support files larger than 2GB.  
! 
! 
! 14. There are reported problems running the AFS Client on Hyperthreaded 
! Pentium 4 machines.  A registry entry may be created to specify
  that the AFS Client Service should only use a single processor.  If you have
! a hyperthreaded system and you are experiencing crashes, it is advised that
! you create the "MaxCPUs" registry value and set it to "1".
! See "registry.txt" for details. 
! 
  
! 15. Local RPC is used as the default RPC mechanism for setting 
! tokens.  TCP RPC is required to be installed and is used for debugging 
! and other functions.
  
! 
! 16. OpenAFS for Windows automatically open ports in the Windows 
  Internet Connection Firewall.
  
+ 
  17. The OpenAFS for Windows installer by default activates a weak form of 
  encrypted data transfer between the AFS client and the AFS servers.  This
! is often referred to as "fcrypt" mode.
! 
  
  18. OpenAFS 1.3.70 adds support for authenticated SMB connections using 
  either NTLM or GSS SPNEGO (NTLM, Kerberos 5, ...).  In previous versions
***************
*** 221,226 ****
--- 287,293 ----
  add these service principals to the list of principals to be maintained
  for each host.
  
+ 
  19. As of 1.3.70, INI files are no longer used for the storage of AFS 
  configuration data.  No longer are there any AFS related files stored in the
  %WINDIR% directory.  The CellServDB file is no longer called "afsdsbmt.ini"
***************
*** 231,236 ****
--- 298,304 ----
  data will be automatically migrated; there is no mechanism for automatic
  migration of Submounts, Drive Mappings, Active Maps, and CSCPolicy data.
  
+ 
  20. As of 1.3.70, the OpenAFS Client is compatible with Windows XP SP2
  and Windows 2003 SP1.  The Internet Connection Firewall will be 
  automatically adjusted to allow the receipt of incoming callback messages 
***************
*** 238,253 ****
  entries are added to the registry to allow SMB authentication to be 
  performed across the loopback connection.
  
  21. As of 1.3.70, the OpenAFS Client Service supports the CIFS Remote
  Admin Protocol which provides browsing of server and share information.
! This significantly enhances the functionality of AFS volumes within the
! Explorer Shell.
  
  22. OpenAFS will now automatically forget a user's tokens upon Logoff
  unless the user's profile was loaded from an AFS volume.  In this situation
  there is no mechanism to determine when the profile has been successfully
  written back to the network.  It is therefore unsafe to release the user's
  tokens.
  
  ------------------------------------------------------------------------
  
--- 306,346 ----
  entries are added to the registry to allow SMB authentication to be 
  performed across the loopback connection.
  
+ 
  21. As of 1.3.70, the OpenAFS Client Service supports the CIFS Remote
  Admin Protocol which provides browsing of server and share information.
! This significantly enhances the interoperability of AFS volumes within the
! Explorer Shell and Microsoft Office applications.
! 
! Note: This functionality has been disabled in the 1.3.70 installers due
! to problems discovered with the final release build of XP SP2.  To enable
! this functionality on other versions of Windows the following registry 
! entries should be added:
! 
!   REG_DWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\AfsLogon" "Asynchronous" 0
!   REG_DWORD HKLM "Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\AfsLogon" "Impersonate"  1
!   REG_SZ    HKLM "Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\AfsLogon" "DLLName" "afslogon.dll"
!   REG_SZ    HKLM "Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\AfsLogon" "Logoff" "AFS_Logoff_Event"
!   REG_SZ    HKLM "Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\AfsLogon" "Startup" "AFS_Startup_Event"
! 
  
  22. OpenAFS will now automatically forget a user's tokens upon Logoff
  unless the user's profile was loaded from an AFS volume.  In this situation
  there is no mechanism to determine when the profile has been successfully
  written back to the network.  It is therefore unsafe to release the user's
  tokens.
+                                                    
+ 
+ 23. Terminal Server installations.
+ When installing under Terminal Server, you must execute the NSIS installer
+ (.exe) from within the Add/Remove Programs Control Panel.  Failure to do so 
+ will result in AFS not running properly.  The AFS Server should not 
+ be installed on a machine with Terminal Server installed.
+ 
+ 24. AFS is a Unix native file system.  As such the OpenAFS client attempts
+ to treat the files stored in AFS as they would be on Unix.  File and directory
+ names beginning with a "." are automatically given the Hidden attribute so
+ they will not normally be displayed.
  
  ------------------------------------------------------------------------
  
Index: openafs/doc/txt/winnotes/afs-issues.txt
diff -c openafs/doc/txt/winnotes/afs-issues.txt:1.5 openafs/doc/txt/winnotes/afs-issues.txt:1.8.2.1
*** openafs/doc/txt/winnotes/afs-issues.txt:1.5	Sun Jul 25 16:53:09 2004
--- openafs/doc/txt/winnotes/afs-issues.txt	Tue Aug 10 00:10:44 2004
***************
*** 139,146 ****
        Currently there is no synchronization of thread creation which results in timing 
        conflicts; and there is no attempt to cleanly shutdown the service which causes 
        problems when restarting and prevents the implementation of a persistent cache
!    3. Implement a persistent cache
!    4. Prevent panic situation when the root.afs volume is not reachable
     5. Prevent panic situation when the IP address to which the SMB server is bound is removed 
        from the local machine's network configuration
     6. Identify and fix the problems with running the RX library on Hyperthreaded systems
--- 139,147 ----
        Currently there is no synchronization of thread creation which results in timing 
        conflicts; and there is no attempt to cleanly shutdown the service which causes 
        problems when restarting and prevents the implementation of a persistent cache
!    3. Implement a persistent cache (requires item 2)
!    4. Prevent panic situation when the root.afs volume is not reachable and 
!       the AFS Client Server is not using Freelance mode
     5. Prevent panic situation when the IP address to which the SMB server is bound is removed 
        from the local machine's network configuration
     6. Identify and fix the problems with running the RX library on Hyperthreaded systems
***************
*** 187,190 ****
        3. force share names to be no longer than 13 characters
        4. restrict authentication to ASCII only names and passwords
    19. Complete implementation of CIFS Remote Administration Protocol
!   20. Identify and correct the problems with Microsoft Office applications
--- 188,198 ----
        3. force share names to be no longer than 13 characters
        4. restrict authentication to ASCII only names and passwords
    19. Complete implementation of CIFS Remote Administration Protocol
!   20. Correct the problems with overlapped writes which adversely affect 
!       Microsoft Office applications storing documents and temporary files
!       within AFS volumes
!   21. Add support for SMB/CIFS Digital Signatures
!   22. Development of afsmap.exe tool to provide AFS aware NET USE functionality
!       afsmap.exe <drive> <afs-path> [/PERSISTENT]
!       afsmap.exe <drive> <unc-path> [/PERSISTENT]
!       afsmap.exe <drive> /DELETE
Index: openafs/doc/txt/winnotes/msi-deployment-guide.txt
diff -c /dev/null openafs/doc/txt/winnotes/msi-deployment-guide.txt:1.2
*** /dev/null	Tue Aug 10 00:25:10 2004
--- openafs/doc/txt/winnotes/msi-deployment-guide.txt	Wed Aug  4 12:36:10 2004
***************
*** 0 ****
--- 1,394 ----
+ 
+ OpenAFS for Windows
+                          MSI Deployment Guide
+ ----------------------------------------------------------------------
+ 
+      Contents
+ 
+      1.  Introduction
+      1.1 Requirements
+ 
+      2.	 Configuration options
+      2.1 Configurable properties
+      2.2 Existing registry values
+ 
+      3.	 Additional resources
+      3.1 Example
+ 
+      4.	 Upgrades
+ 
+      5.	 FAQ
+ 
+ 
+ ----------------------------------------------------------------------
+ 
+ 1.  Introduction
+ 
+     Beginning with OpenAFS for Windows version 1.3.65 a MSI installer
+     option is available for those who wish to use Windows
+     Installer for installing OpenAFS and for organizations that wish
+     to deploy OpenAFS through Group Policy.
+ 
+     This document provides a guide for authoring transforms used to
+     customize the MSI package for a particular organization.
+     Although many settings can be deployed via transforms, in an
+     Active Directory environment it is advisable to deploy registry
+     settings and configuration files through group policy and/or
+     startup scripts so that machines where OpenAFS for Windows is
+     already installed will pick up these customizations.
+ 
+ 1.1 Requirements
+ 
+     The information in this document applies to MSI packages
+     distributed with OpenAFS for Windows releases from 1.3.65 and
+     onwards or MSI packages built from corresponding source
+     releases. Not all releases support all the configuration options
+     documented here.
+ 
+     Authoring a Windows Installer transform requires additional
+     software for editing the MSI database tables and generating the
+     transform from the modified MSI package.  ORCA.EXE and MSITRAN.EXE
+     which are included in the Windows Platform SDK (Windows Installer
+     SDK) can be used for this purpose.
+ 
+     The schema for the MSI package is based on SCHEMA.MSI distributed
+     with the Platform SDK.
+ 
+ ----------------------------------------------------------------------
+ 
+ 2.  Configuration Options
+ 
+ 2.1 Configurable Properties
+ 
+     Most configurable properties correspond to registry keys or values.
+     To avoid duplication, only a reference to the relevant registry key
+     or value is given here.  For more details about the associated
+     semantics, please refer to registry.txt distributed with the
+     OpenAFS for Windows release.
+ 
+     These properties are, of course, found in the 'Property' table of
+     the MSI package.
+ 
+     For brevity the following nomenclature will be used to refer to
+     registry keys:
+ 
+     Strings are quoted using single quotes (e.g. 'a string'). An empty
+     string is denoted as ''.  Note that you can't author null values
+     into the 'Property' table.  To achieve this effect you'll have to
+     drop the relevant row.
+ 
+     (Service parameters):
+     [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
+ 
+     (Network provider):
+     [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ 
+     The configurable properties are as follows:
+ 
+     AFSCACHEPATH
+         Registry key    : (Service parameters)
+         Registry value  : CachePath
+         Valid values    : string
+ 
+     AFSCACHESIZE
+         Registry key    : (Service parameters)
+         Registry value  : CacheSize
+         Valid values    : numeric
+ 
+     AFSCELLNAME
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: Cell
+ 	Valid values	: string
+ 
+     CREDSAUTOINIT
+ 	Valid values	: '-a' or ''
+ 	
+ 	Option for AFSCREDS.EXE.  Enables automatic initialization.
+ 	(see below)
+ 
+     CREDSIPCHDET
+ 	Valid values	: '-n' or ''
+ 
+ 	Option for AFSCREDS.EXE.  Enables IP address change detection.
+ 	(see below)
+ 
+     CREDSQUIET
+ 	Valid values	: '-q' or ''
+ 
+ 	Option for AFSCREDS.EXE.  Enables quiet mode.
+ 	(see below)
+ 
+     CREDSRENEWDRMAP
+ 	Valid values	: '-m' or ''
+ 
+ 	Option for AFSCREDS.EXE.  Enables renewing drive map at
+ 	startup.
+         (see below)
+ 
+     CREDSSHOW
+         Valid values    : '-s' or ''
+ 
+         Option for AFSCREDS.EXE.  Enables displaying the credential
+         manager window when AFSCREDS starts up.
+ 
+ 	The five properties above determine the behavior of the AFS
+ 	credential manager ( AFSCREDS.EXE ).  Each property adds a
+ 	command line option to the shortcut that will be created in
+ 	the Program Menu, both under 'OpenAFS' and 'Startup' folders
+         (see CREDSSTARTUP).
+ 
+ 	The way in which the options are specified was chosen for easy
+ 	integration with the Windows Installer user interface.
+ 	Although you can come up with creative ways to provide other
+ 	options to AFSCREDS.EXE, we advise against it because such
+ 	transforms may not apply to future releases of OpenAFS.
+ 
+     CREDSSTARTUP
+         Valid values    : '1' or '0'
+ 
+         Controls whether AFSCREDS.EXE starts up automatically when a
+         user logs on.  When CREDSSTARTUP is '1' a shortcut is added
+         to the 'Startup' folder in the 'Program menu' which starts
+         AFSCREDS.EXE with the options that are determined by the
+         other CREDS* properties.
+ 
+     FREELANCEMODE
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: FreelanceClient
+ 	Valid values	: '1' or '0'
+ 
+     HIDEDOTFILES
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: HideDotFiles
+ 	Valid values	: '1' or '0'
+ 
+     LOGONOPTIONS
+ 
+ 	Registry key	: (Network provider)
+ 	Registry value	: LogonOptions
+ 	Valid values	: '0','1' or '3'
+ 
+ 	See section 2.1 of registry.txt (Domain specific configuration
+ 	keys for Network Provider) and section [filler] of this
+ 	document (filler) for more details.
+ 
+     MOUNTROOT
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: Mountroot
+ 	Valid values	: string
+ 
+     NETBIOSNAME
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: NetbiosName
+ 	Valid values	: string (at most 15 characters)
+ 
+     NOFINDLANABYNAME
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: NoFindLanaByName
+ 	Valid values	: '1' or '0'
+ 
+     RXMAXMTU
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: RxMaxMTU
+ 	Valid values	: numeric
+ 
+     SECURITYLEVEL
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: SecurityLevel
+ 	Valid values	: '1' or '0'
+ 
+     SMBAUTHTYPE
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: SMBAuthType
+ 	Valid values	: '0','1' or '2'
+ 
+     USEDNS
+ 
+ 	Registry key	: (Service parameters)
+ 	Registry value	: UseDNS
+ 	Valid values	: '1' or '0'
+ 
+ 
+ 2.2 Existing Registry Entries
+ 
+     You can change existing registry values subject to the
+     restrictions mentioned in the Windows Platform SDK.  Pay special
+     attention to component keypaths and try to only change the 'Value'
+     column in the 'Registry' table.  If you want to add additional
+     registry keys please refer to section 3 (Additional Resources).
+ 
+ ----------------------------------------------------------------------
+ 
+ 3   Additional Resources
+ 
+     If you want to add registry keys or files you need to create new
+     components and features for those.  Refer to the Windows Platform
+     SDK for details.
+ 
+     Add new features under the 'feaClient' or 'feaServer' as
+     appropriate and set the 'Level' column for those features to equal
+     the 'Level' for their parent features for consistency.  Note that
+     none of the features in the OpenAFS for Windows MSI package are
+     designed to be installed to run from 'source' or 'advertised'.  It
+     is recommended that you set 'msidbFeatureAttributesFavorLocal' (0),
+     'msidbFeatureAttributesFollowParent' (2) and
+     'msidbFeatureAttributesDisallowAdvertise' (8) attributes for new
+     features.
+ 
+     If you are creating new components, retain the same component GUID
+     when creating new transforms against new releases of the OpenAFS
+     MSI package.
+ 
+ 3.1 Example: Adding domain specific registry keys
+ 
+     Following is an example for adding domain specific registry keys.
+     Refer to section 2.1 in REGISTRY.TXT for more information.
+ 
+     Columns that are unspecified should be left empty.
+ 
+     We create a new feature and component to hold the new registry keys.
+ 
+     'Feature' table:
+ 
+     (new row)
+ 	Feature		: 'feaDomainKeys'
+ 	Feature Parent	: 'feaClient'
+ 	Display		: 0
+ 	Level		: 30
+ 	Attributes	: 10
+ 
+     'Component' table:
+ 
+ 	(new row)
+     Component	: 'rcm_DomainKeys'
+ 	ComponentId	: '{4E3FCBF4-8BE7-40B2-A108-C47CF743C627}'
+ 	Directory	: 'TARGETDIR'
+ 	Attributes	: 4
+ 	KeyPath		: 'reg_domkey0'
+ 
+     'FeatureComponents' table:
+ 
+     (new row)
+ 	Feature		: 'feaDomainKeys'
+ 	Component	: 'rcm_DomainKeys'
+ 
+     'Registry' table:
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey0'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain'
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey1'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain'
+ 	Name		: '*'
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey2'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\ATHENA.MIT.EDU'
+ 	Name		: '*'
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey3'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\ATHENA.MIT.EDU'
+ 	Name		: 'LogonOptions'
+ 	Value		: 1
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey4'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST'
+ 	Name		: '*'
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey5'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST'
+ 	Name		: 'LogonOptions'
+ 	Value		: 0
+ 	Component	: 'rcm_DomainKeys'
+ 
+ 	(new row)
+ 	Registry	: 'reg_domkey6'
+ 	Root		: 2
+ 	Key		: 'SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST'
+ 	Name		: 'FailLoginsSilently'
+ 	Value		: 1
+ 	Component	: 'rcm_DomainKeys'
+ 
+     The example adds domain specific keys for 'ATHENA.MIT.EDU' (enable
+     integrated logon) and 'LOCALHOST' (disable integrated logon and
+     fail logins silently).
+ 
+     After making the adjustments to the MSI database using ORCA.EXE
+     you can generate a transform with MSITRAN.EXE as follows :
+ 
+     (Modified MSI package is 'openafs-en_US_new.msi' and the original
+     MSI package is 'openafs-en_US.msi'.  Generates transform
+     'openafs-transform.mst')
+ 
+     > msitran.exe -g openafs-en_US.msi openafs-en_US_new.msi openafs-transform.mst glpruw
+ 
+     See the Platform SDK documentation for information on command line
+     options for MSITRAN.EXE.
+ 
+ ----------------------------------------------------------------------
+ 
+ 4.  Upgrades
+ 
+     The MSI package is designed to uninstall previous versions of
+     OpenAFS for Windows during installation.  Note that it doesn't
+     directly upgrade an existing installation.  This is intentional
+     and ensures that development releases which do not have strictly
+     increasing version numbers are properly upgraded.
+ 
+     Versions of OpenAFS that are upgraded by the MSI package are :
+ 
+     1) OpenAFS MSI package
+        Upgrade code {6823EEDD-84FC-4204-ABB3-A80D25779833}
+        Upto current release
+ 
+     2) MIT's Transarc AFS MSI package
+        Upgrade code {5332B94F-DE38-4927-9EAB-51F4A64193A7}
+        Upto version 3.6.2
+ 
+     3) OpenAFS NSIS package
+        All versions
+ 
+        Note that versions of the OpenAFS NSIS package prior to 1.3.65
+        had a bug where it couldn't be uninstalled properly in
+        unattended mode.  Therefore the MSI package will not try to
+        uninstall an OpenAFS NSIS package if running unattended.  This
+        means that group policy based deployments will fail on machines
+        that have the OpenAFS NSIS package installed.
+ 
+     If you have used a different MSI package to install OpenAFS and
+     wish to upgrade it you can author rows into the 'Upgrade' table as
+     described in the Platform SDK.
+ 
+ ----------------------------------------------------------------------
+ 
+ 5.  FAQ
+ 
+     (Q/A's will be added here as needed)
+ 
+ ----------------------------------------------------------------------
+ $Id: msi-deployment-guide.txt,v 1.2 2004/08/04 16:36:10 jaltman Exp $
Index: openafs/doc/txt/winnotes/registry.txt
diff -c openafs/doc/txt/winnotes/registry.txt:1.14 openafs/doc/txt/winnotes/registry.txt:1.18
*** openafs/doc/txt/winnotes/registry.txt:1.14	Thu Jul 22 18:15:37 2004
--- openafs/doc/txt/winnotes/registry.txt	Thu Aug  5 12:23:52 2004
***************
*** 32,38 ****
  Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
  Variable: cm_initParams.cacheSize
  
!   Size of the AFS cache.
  
  Value   : ChunkSize
  Type    : DWORD
--- 32,38 ----
  Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
  Variable: cm_initParams.cacheSize
  
!   Size of the AFS cache in 1k blocks.
  
  Value   : ChunkSize
  Type    : DWORD
***************
*** 104,116 ****
    where the symlink exists)
   
  Value	: CachePath
! Type	: REG_SZ
! Default : "\AFSCache"
  Variable: cm_CachePath
  
    Location of on-disk cache file.  The default implies the root 
    directory of the boot disk
  
  Value	: TrapOnPanic
  Type	: DWORD {1,0}
  Default : 0
--- 104,129 ----
    where the symlink exists)
   
  Value	: CachePath
! Type	: REG_SZ or REG_EXPAND_SZ
! Default : "%SYSTEMDRIVE%\AFSCache"
  Variable: cm_CachePath
  
    Location of on-disk cache file.  The default implies the root 
    directory of the boot disk
  
+ 
+ Value   : NonPersistentCaching
+ Type    : DWORD [0..1]
+ Default : 0
+ Variable: buf_CacheType
+ 
+   When this registry value is set to a non-zero value, the CachePath
+   value is ignored and the cache data is stored in the windows paging
+   file.  This prevents the use of persistent caching (when available)
+   as well as the ability to alter the size of the cache at runtime
+   using the "fs setcachesize" command.
+ 
+ 
  Value	: TrapOnPanic
  Type	: DWORD {1,0}
  Default : 0
***************
*** 601,606 ****
--- 614,623 ----
    This value used to be stored at 
    [HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
  
+   The current user value is checked first; if it does not exist the local 
+   machine value is checked.
+ 
+ 
  Value   : EnableKFW
  Type    : DWORD {0, 1}
  Default : 1
***************
*** 608,614 ****
  
    When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
    to obtain AFS credentials.  By setting this value to 0, the internal
!   Kerberos 4 implementation will be used instead.
  
  Value   : AfscredsShortcutParams
  Type    : REG_SZ
--- 625,632 ----
  
    When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
    to obtain AFS credentials.  By setting this value to 0, the internal
!   Kerberos 4 implementation will be used instead.  The current user value 
!   is checked first; if it does not exist the local machine value is checked.
  
  Value   : AfscredsShortcutParams
  Type    : REG_SZ
***************
*** 616,634 ****
  Function: Shortcut_FixStartup
  
    This value specifies the command line options which should be set
!   as part of the shortcut to afscreds.exe.
! 
! 
! Regkey:
! [HKCU\SOFTWARE\OpenAFS\Client]
! 
! Value   : Authentication Cell
! Type    : REG_SZ
! Default : <none>
! Function: Afscreds.exe GetDefaultCell()
! 
!   This value allows the user to configure a different cell name to
!   be used as the default cell when acquiring tokens in afscreds.exe
  
  
  Regkey:
--- 634,645 ----
  Function: Shortcut_FixStartup
  
    This value specifies the command line options which should be set
!   as part of the shortcut to afscreds.exe.  afscreds.exe rewrites the 
!   shortcut each time it exits so as to ensure that the shortcut points
!   to the latest version of the program.  This value is used to determine
!   which values should be used for command line parameters.  The current
!   user value is checked first; if it does not exist the local machine
!   value is checked.
  
  
  Regkey:
***************
*** 729,805 ****
      These values used to be stored in afsdsbmt.ini
  
  
- Regkey:
- [HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
- 
- Value   : "upper case drive letter"
- Type    : DWORD {0, 1}
- Default : <none>
- 
-   These values are used to store the persistence state of the AFS 
-   drive mappings as listed in the [...\Client\Mappings] key
- 
-   These values used to be stored in the afsdsbmt.ini file
- 
- Regkey:
- [HKCU\SOFTWARE\OpenAFS\Client\Mappings]
- 
- Value   : "upper case drive letter"
- Type    : REG_SZ
- Default : <none>
- 
-   These values are used to store the AFS path in Unix notation
-   to which the drive letter is to be mapped.
- 
-   These values used to be stored in the afsdsbmt.ini file.
- 
- 
- Regkey:
- [HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
- 
- Value   : "smb/cifs share name"
- Type    : REG_SZ
- Default : <none>
- 
-     This key is used to map SMB/CIFS shares to Client Side Caching 
-     (off-line access) policies. For each share one of the following
-     policies may be used: "manual", "programs", "documents", "disable"
- 
-     These values used to be stored in afsdsbmt.ini
- 
- Regkey:
- [HKLM\SOFTWARE\OpenAFS\Client\Freelance]
- 
- Value   : "numeric value"
- Type    : REG_SZ
- Default : <none>
- 
-     This key is used to store newline terminated mount point strings 
-     for use in constructing the fake root.afs volume when Freelance
-     (dynamic roots) mode is activated.
- 
-         "athena.mit.edu#athena.mit.edu:root.cell.\n"
-         ".athena.mit.edu%athena.mit.edu:root.cell.\n"
- 
-     These values used to be stored in afs_freelance.ini
- 
- 
- Regkey:
- [HKLM\SOFTWARE\OpenAFS\Client\Submounts]
- 
- Value   : "submount name"
- Type    : REG_SZ
- Default : <none>
- 
-     This key is used to store mappings of unix style AFS paths
-     to submount names which can be referenced as UNC paths.
-     For example the submount string "/athena.mit.edu/user/j/a/jaltman"
-     can be associated with the submount name "jaltman.home".
-     This can then be referenced as the UNC path \\AFS\jaltman.home.
- 
-     These values used to be stored in afsdsbmt.ini
- 
- 
  ENVIRONMENT VARIABLES:
  
  Variable: AFS_RPC_ENCRYPT 
--- 740,745 ----