[OpenAFS-devel] rxk5 openafs - m47

Marcus Watts mdw@umich.edu
Fri, 23 Mar 2007 04:49:08 -0500


Here is a new patch for openafs + rxk5:
/afs/umich.edu/group/itd/build/mdw/openafs/patches/afs-rxk5-r1517-m47.patch.bz2

m47 is based on openafs 1.5.17, and should be applied to it.

Since m40, the following are the major changes:

/0/ updated to use 1.5.17.
/1/ new tokens interface, more or less following "rxgk-client-integration".
	Interface itself could contain an array of tokens or other
		tagged data.
	uses xdr to serialize data.
	manifests differ slightly.
	Kernel & userland code does not at present support multiple
		tokens per cell (nor does the document describe how
		this could be accomplished for rxkad/rxk5.)
	timestamps are not global to the list, but the responsibility
		of each token type (different token types might have
		different expiration times, or even no expiration time.)
/2/ uses "official" pioctl numbers and names from coordinated space.
/3/ cm capabilities -> properties
/4/ properties code can now pass in more than one pattern to kernel per syscall.
/5/ configure: "dummy-1" rule to set MKAFS_OSTYPE - so that
		sh config.status src/libafs/MakefileProto.LINUX
	actually works.
/6/ improvements to java code - as previously posted.
/7/ windows code improvements.  supports new tokens interface, should
	build and support rxk5 without fiddling.
/8/ bos listusers -- terminal width code a la "ls", as previously posted.
/9/ builds and installs libafsrpc_pic.a, libafsauthent_pic.a on most
	architectures, needed to do the right thing by java.
/10/ libadmin includes partial support for rxk5.
/11/ many warnings about passing pointers to %x fixed by casting
	to int.  Not a perfect fix, but something.
/12/ lwp event type is now a "void" not a "char".
	zaps more warnings.

The capabilities->property fix & pioctl renumber happpened
very late in the testing process.  It's possible I introduced some
small mistakes doing those.

So, to do:
/1/ get rid of allowed_enctypes in default_afs_rxk5_forge, replace
	this with something gotten at runtime.
/2/ unlog - try PSetTokenEx(CU_NOAUTH) first, fallback to old loop.
/3/ kdump still annoys me.
/4/ am hoping aix 5.3 will solve the aix packet starvation issue.
/5/ need to experiment with bad tokens.
/6/ ??? rxk5 support in libadmin, libuafs, pam, etc.
/7/ secure cache improvements, including especially,
	support for external ticket decoder in rxk5.
/8/ more windows kerberos changes.

m47 builds on linux.  The cache manager appears to work.
m46 (without new pioctl numbers & names) built and ran on windows
	without change.
a very slightly less recent version was used to make
	a complete working fileserver & db server.

			-Marcus Watts