[OpenAFS] kerberos + pam

Jeffrey Hutzelman jhutz@cmu.edu
Fri, 15 Oct 2004 18:03:51 -0400

On Friday, October 15, 2004 16:40:16 -0500 "Douglas E. Engert" 
<deengert@anl.gov> wrote:

> Jeffrey Hutzelman wrote:
>> On Friday, October 15, 2004 13:39:44 -0500 "Douglas E. Engert"
>> <deengert@anl.gov> wrote:
>>> The gafstoken is a single routine that will issue a syscall to get a PAG
>>> then fork/exec your favorite aklog to get a token. gafstoken has
>>> no AFS or Kerberos dependiencies (other then knowing the PAG syscall)
>> Does it implement the syscall replacement interface we use on Linux 2.6?
> Not yet, but I suppose it could.
> The intent if the program was to make it simple so any vendor could build
> it even if they did not have AFS. If run on as system without the AFS
> syscall installed, the signal would be trapped.
> Give me a pointer to the replacemant, and I can look at whiat it would
> take.

The replacement basically consists of wrapping up the syscall arguments in 
a structure, opening a magic file in /proc, and doing an ioctl with a 
pointer to the structure as the argument.  If the file doesn't exist, then 
you make the syscall the old-fashioned way.

Look at src/sys/afssyscalls.c:proc_afs_syscall()

-- Jef