[OpenAFS] Puzzler: lack of access to AFS files

Derrick Brashear shadow@gmail.com
Wed, 12 Dec 2007 21:26:56 -0500 

------=_Part_32471_32064878.1197512816030
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Dec 12, 2007 3:37 PM, Douglas E. Engert <deengert@anl.gov> wrote:

>
>
> John Hascall wrote:
> >> John Hascall wrote:
> >>> Would it work to modify the KDC such that when it hands out
> >>> an afs/<cell>@REALM ticket for a TGT with a client name that
> >>> is in the sconv table (like my sysadmin/asw.iastate.edu@IASTATE.EDU)
> >>> that it 'K4-izes' that name (to sysadmin/asw in this case) in the
> >>> returned ticket?  (Thus obviating the need to futz with the code
> >>> on every AFS server.)
> >
> >>> Or is that just too hideous?
> >
> >> Sounds like the tail waging the dog. There are KDCs used with AFS
> >> that are not modifiable, and don't support any k4. You don't want to
> >> fiddle with the K5 protocols either.  the Its time to get AFS
> 'k5-izes'.
> >
> > Yes, it would be lovely if AFS was 100% K5.
>
> The hint was to the AFS developers, that it is time, and some of us
> use KDCs that are not modifiable.
>

Care to give me a hint where I can find 5 more hours in a day?

------=_Part_32471_32064878.1197512816030
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div class="gmail_quote">On Dec 12, 2007 3:37 PM, Douglas E. Engert &lt;<a href="mailto:deengert@anl.gov">deengert@anl.gov</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br><br>John Hascall wrote:<br>&gt;&gt; John Hascall wrote:<br>&gt;&gt;&gt; Would it work to modify the KDC such that when it hands out<br>&gt;&gt;&gt; an afs/&lt;cell&gt;@REALM ticket for a TGT with a client name that
<br>&gt;&gt;&gt; is in the sconv table (like my <a href="mailto:sysadmin/asw.iastate.edu@IASTATE.EDU">sysadmin/asw.iastate.edu@IASTATE.EDU</a>)<br>&gt;&gt;&gt; that it &#39;K4-izes&#39; that name (to sysadmin/asw in this case) in the
<br>&gt;&gt;&gt; returned ticket? &nbsp;(Thus obviating the need to futz with the code<br>&gt;&gt;&gt; on every AFS server.)<br>&gt;<br>&gt;&gt;&gt; Or is that just too hideous?<br>&gt;<br>&gt;&gt; Sounds like the tail waging the dog. There are KDCs used with AFS
<br>&gt;&gt; that are not modifiable, and don&#39;t support any k4. You don&#39;t want to<br>&gt;&gt; fiddle with the K5 protocols either. &nbsp;the Its time to get AFS &#39;k5-izes&#39;.<br>&gt;<br>&gt; Yes, it would be lovely if AFS was 100% K5.
<br><br></div>The hint was to the AFS developers, that it is time, and some of us<br>use KDCs that are not modifiable.<br></blockquote><div><br>Care to give me a hint where I can find 5 more hours in a day?<br>&nbsp;<br></div>
</div><br>

------=_Part_32471_32064878.1197512816030--