[OpenAFS] kopenafs.h and libkopenafs question on status

mike coyne mike.coyne@paccar.com
Fri, 05 Jun 2009 11:33:04 -0500

For some background , the version of globus we are using is from the VDT
distibution http://vdt.cs.wisc.edu/  , This a prepackaged globus 4.0.8
as patched by vdt from various sources.
ce.tar.gz is the source from vdt.

My Initial problems with the gatekeeper was that using the external
shell service with globus_k5 ( i believe orignaly written to shell out
and get a kerberos token in from gram ), the call to gssklog -setpag
didn't work as the lsetpag function can't change its parent process at
least for linux. So i setout to add a call to lsetpag in globus_k5 prior
to execv 'ing the call to "gssklog" described in its private mapfile.

in had a similar problem in the globus-gridftp-server , int the
globus_i_gridftp_server.c i added some calls to save the current creds,
do a lsetpag, shell a call to gssklog , and the unlink the credintial
cache so a user could do a globus-url-copy to there home directory in

then for wsgram i added the lsetpag and shell to gssklog into the
globus_gridmap_and_execute .c source so that when web stuff fires off
sudo to switch and run as a user, calling globus_gridmap_and_execute
inline so it get their afs token in a new pag in the process and
verifies there creds in the gridmapfile.=20

I probably went about this the hard way but so far it seems to work.=20

On Fri, 2009-06-05 at 10:26 -0500, Douglas E. Engert wrote:
> Mike Coyne wrote:
> > I have been working on getting globus=E2=80=99s gatekeeper,grid-ftp,gsi=
-ssh etc.=20
> > To work correctly with setting pag=E2=80=99s an shelling gssklog.=20
> I have not been involved with Globus for years, but wrote gsiklog and the=
> gssklog and much of the Globus gatekeeper for Globus version 1.1.3. The i=
> was for the gatekeeper to call gssklog to get a PAG and token, and it sho=
> have been working in that verison. So I am curious to what has happened s=
> then that requires you have to redo the code.
> I noticed
> > verifying a bug fix=20
> > http://rt.central.org/rt/Ticket/Display.hml?id=3D124709   that when I=20
> > built a current snapshot with the diff that the kopenafs libs and heade=
> > file was bult and installed . Will this show up In the release or=20
> > =E2=80=9Cfeatures=E2=80=9D versions? It appears to be maintained since =
abut 2006 and=20
> > would be quit usefull it will be available .
> >=20
> >=20
> > To refraze  the question I have calling lsetpag() after some stats on=20
> > the /afs directory to see if its there.
> The original gssklog provided a version of lsetpag in gafstoken.c that
> trapped signals if the AFS syscall failed, i.e. AFS was not present on
> the machine. Thus it dod not need any AFS libraries. This was long before
> k_hasafs which might be a beter choice.
>   And hard linking In lilbsys.a
> >  but if the prefered  interface is  k_hasafs() and k_setpag() should I=20
> > switch.
> >=20
> > =20
> >=20
> > Thanks Mike
> >=20
> > =20
> >=20