[OpenAFS-devel] rxk5 openafs - m47
Marcus Watts
mdw@umich.edu
Fri, 23 Mar 2007 04:49:08 -0500
Here is a new patch for openafs + rxk5:
/afs/umich.edu/group/itd/build/mdw/openafs/patches/afs-rxk5-r1517-m47.patch.bz2
m47 is based on openafs 1.5.17, and should be applied to it.
Since m40, the following are the major changes:
/0/ updated to use 1.5.17.
/1/ new tokens interface, more or less following "rxgk-client-integration".
Interface itself could contain an array of tokens or other
tagged data.
uses xdr to serialize data.
manifests differ slightly.
Kernel & userland code does not at present support multiple
tokens per cell (nor does the document describe how
this could be accomplished for rxkad/rxk5.)
timestamps are not global to the list, but the responsibility
of each token type (different token types might have
different expiration times, or even no expiration time.)
/2/ uses "official" pioctl numbers and names from coordinated space.
/3/ cm capabilities -> properties
/4/ properties code can now pass in more than one pattern to kernel per syscall.
/5/ configure: "dummy-1" rule to set MKAFS_OSTYPE - so that
sh config.status src/libafs/MakefileProto.LINUX
actually works.
/6/ improvements to java code - as previously posted.
/7/ windows code improvements. supports new tokens interface, should
build and support rxk5 without fiddling.
/8/ bos listusers -- terminal width code a la "ls", as previously posted.
/9/ builds and installs libafsrpc_pic.a, libafsauthent_pic.a on most
architectures, needed to do the right thing by java.
/10/ libadmin includes partial support for rxk5.
/11/ many warnings about passing pointers to %x fixed by casting
to int. Not a perfect fix, but something.
/12/ lwp event type is now a "void" not a "char".
zaps more warnings.
The capabilities->property fix & pioctl renumber happpened
very late in the testing process. It's possible I introduced some
small mistakes doing those.
So, to do:
/1/ get rid of allowed_enctypes in default_afs_rxk5_forge, replace
this with something gotten at runtime.
/2/ unlog - try PSetTokenEx(CU_NOAUTH) first, fallback to old loop.
/3/ kdump still annoys me.
/4/ am hoping aix 5.3 will solve the aix packet starvation issue.
/5/ need to experiment with bad tokens.
/6/ ??? rxk5 support in libadmin, libuafs, pam, etc.
/7/ secure cache improvements, including especially,
support for external ticket decoder in rxk5.
/8/ more windows kerberos changes.
m47 builds on linux. The cache manager appears to work.
m46 (without new pioctl numbers & names) built and ran on windows
without change.
a very slightly less recent version was used to make
a complete working fileserver & db server.
-Marcus Watts