[OpenAFS-devel] Re: [OpenAFS] Adding hooks to the ptserver

Derrick Brashear shadow@gmail.com
Sat, 16 May 2009 10:54:19 -0400

2009/5/16 Simon Wilkinson <sxw@inf.ed.ac.uk>:
> [ I'm pulling this out from the configuration database thread, as I think
> there are some interesting issues here, but
> =C2=A0I don't want to muddy that thread ]
> On 16 May 2009, at 14:17, Michael Joyner =E1=8F=A9=E1=8F=AF wrote:
>> And speaking of feature requests... is there a way to add "hooks" into t=
>> pts security database lookups?
> Roughly speaking, there are two mechanisms through which code gets writte=
> for OpenAFS. The first is that fixing a particular problem interests a
> developer ("scratches an itch"), and so they do so and contribute it
> upstream. The second is that a developer is commissioned by a client to
> produce a particular solution (there's a list at
> http://www.openafs.org/support.html=C2=A0of companies providing this serv=
> Unfortunately, there aren't a huge number of us in the "scratches an itch=
> category, and generally speaking we have our (and our employers) itches t=
> scratch. Unless you can convince someone that adding hooks to the pts
> database is an interesting problem, simply posing it as a feature request=
> unlikely to see it implemented in a reasonable timeframe.
> However, what I am very keen to do is to grow the pool of people writing
> code for OpenAFS. If you, or a colleague, have the inclination to dive in=
> adding the support yourself, I'd be happy to help you here, on IRC, or on
> Jabber, with any development questions you might have and to assist with =
> whole process of steering your contribution into something that can make =
> into the codebase.

There's also some collective expertise on this very topic which you
can almost certainly convince people to share if you think you might
want to work on such a project. At least 4 attempts have been made to
front LDAP with a ptserver RPC interface, with varying scope and
success. The key is that whatever you're hooking behind it needs to be
fast for grouped permission lookups (what groups is X a member of).
The fileserver currently blocks doing that lookup. Too slow and you
bring down your file service. The current ptserver does this lookup
rather well.