[OpenAFS-devel] pts examine
Neulinger, Nathan
nneul@umr.edu
Tue, 3 Dec 2002 11:44:28 -0600
In the source file src/auth/userok.c there are:
#ifdef notyet
            } else if ( (tmp = CompFindUser(adir, tname, "/", tinst, NULL)) ) {
                strcpy(uname, tmp);
                flag = 1;
#endif
            }

        /* cell of conn doesn't match local cell or realm */
        } else {
            if ( (tmp = CompFindUser(adir, tname, ".", tinst, tcell)) ) {
                strcpy(uname, tmp);
                flag = 1;
#ifdef notyet
            } else if ( (tmp = CompFindUser(adir, tname, "/", tinst, tcell)) ) {
                strcpy(uname, tmp);
                flag = 1;
#endif
            } else if ( (tmp = CompFindUser(adir, tname, ".", tinst, tcell_l)) ) {
                strcpy(uname, tmp);
                flag = 1;
#ifdef notyet
            } else if ( (tmp = CompFindUser(adir, tname, "/", tinst, tcell_l)) ) {
                strcpy(uname, tmp);
                flag = 1;
#endif

You can remove those ifdef's, but as I said, I don't remember the
discussion. I originally wrote those in there cause I wanted to do just
what you are doing locally. The code was committed, but the krb5 syntax
support was disabled in the commit.

I do not believe there would be any problem with enabling it, but others
may have something to say here.

-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216

> -----Original Message-----
> From: Martin MOKREJŠ [mailto:mmokrejs@natur.cuni.cz]
> Sent: Tuesday, December 03, 2002 11:41 AM
> To: Neulinger, Nathan
> Cc: openafs-devel@openafs.org
> Subject: RE: [OpenAFS-devel] pts examine
>
> On Tue, 3 Dec 2002, Neulinger, Nathan wrote:
>
> > > Would someone believe that I'm so stupid to put into UserList
> > > usernames in a syntax of kerberos5 and NOT kerberos4? Thanks to
> > > Johan Danielson who pointed me to this problem.
> >
> > From changelog:
> >
> >     * src/auth/userok.c: DELTA
> >     afs-superuser-foreign-realm-checks-20010514 AUTHOR nneul@umr.edu
> >
> >     This rewrite cleans up the code a bit, removes any athena specific
> >     references (not needed anymore in this version), and adds support
> >     for multi realm management of afs servers (you can now specify
> >     "admin@OTHERREALM" in your userlist).
> >
> > Sounds like we just have the krb5 style syntax disabled at the
> > moment... I don't remember the discussion, so I'm not sure why that
> > is the case.
> >
> > Seems to me that enabling the krb5 syntax is a step in the right
> > direction.
>
> But how to enable it? ;-)
>
> I can just state, that having mokrejs/admin@GSF.DE in UserList makes
> ptserver, fileserver, bosserver unhappy with my tickets v5 & v4 & tokens
> in ticket cache. I use heimdal-0.5.1. Maybe afs could use some kerberos
> function to convert the name from v5 mapping to v4 in the meantime.
> That will pickup the rewriting rules from krb5.conf also.
>
> --
> Martin Mokrejs <mmokrejs@natur.cuni.cz>, <m.mokrejs@gsf.de>
> PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
> MIPS / Institute for Bioinformatics <http://mips.gsf.de>
> GSF - National Research Center for Environment and Health
> Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
> tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
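
The lookup order discussed in this thread, as an added stand-alone sketch that is not part of the original messages and is not OpenAFS code: it tries the krb4-style "." separator first and the krb5-style "/" separator only when enabled, which is what removing the `#ifdef notyet` guards would do. All names here (`find_superuser`, `compose`, `in_list`, `allow_krb5`, `MAXNAME`) and the list contents are hypothetical, and the sketch uses a length-checked `snprintf` where the quoted code uses `strcpy`.

```c
#include <stdio.h>
#include <string.h>

#define MAXNAME 64 /* assumed buffer size for this sketch */

/* Constructed UserList contents mixing krb4-style and krb5-style entries. */
static const char *userlist[] = {
    "admin", "ops.admin@OTHERREALM", "mokrejs/admin@GSF.DE"
};

/* Build name[<sep>inst][@realm] into out; fail rather than truncate. */
static int compose(char *out, size_t len, const char *name, const char *sep,
                   const char *inst, const char *realm)
{
    int has_inst = inst && *inst;
    int n = snprintf(out, len, "%s%s%s%s%s", name, has_inst ? sep : "",
                     has_inst ? inst : "", realm ? "@" : "",
                     realm ? realm : "");
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

static int in_list(const char *cand)
{
    for (size_t i = 0; i < sizeof(userlist) / sizeof(userlist[0]); i++)
        if (strcmp(userlist[i], cand) == 0)
            return 1;
    return 0;
}

/* Returns 1 and fills uname on a match, else 0 with uname emptied.
 * allow_krb5 = 0 models the guarded build, 1 models the guards removed. */
int find_superuser(char *uname, size_t len, const char *name,
                   const char *inst, const char *realm, int allow_krb5)
{
    const char *seps[] = { ".", "/" };
    int nsep = allow_krb5 ? 2 : 1;

    for (int i = 0; i < nsep; i++)
        if (compose(uname, len, name, seps[i], inst, realm) == 0 &&
            in_list(uname))
            return 1;
    uname[0] = '\0';
    return 0;
}

int main(void)
{
    char buf[MAXNAME];
    for (int k5 = 0; k5 <= 1; k5++)
        printf("allow_krb5=%d -> %d\n", k5,
               find_superuser(buf, sizeof buf, "mokrejs", "admin", "GSF.DE", k5));
    return 0;
}
```
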