[OpenAFS-devel] Re: Need a volunteer to help with a feature summary for 1.4

Frank Bagehorn FBA@zurich.ibm.com
Fri, 19 Aug 2005 18:30:10 +0200


This is an S/MIME signed message.

---------z22968_boundary_sign
Content-Type: text/plain; charset="US-ASCII"

>> at someone point someone with make keyrings work and that should take
>> care of the PAG problem.

> I have and shared a partially completed patch with someone from the list 

> who was wanting such a thing like 3 months ago, but my theory at this 
> point has been to wait for a kerberos ticket file backend in keyring to 
> appear and figure out a way to integrate more directly.

I surely would be glad if the keyring stuff found its way into 1.4 even 
without a more direct Kerberos integration.
I have quite some machines with machine tokens to enable cronjobs and 
services to use AFS with ACLs. Right now, there is always a chance, that 
these tokens get replaced (accidentally, unknowingly) by some admins 
personal token just because he's not in a separate PAG shell by default 
after logging in.
(Log in and do a klog without explicitely calling pagsh before.) And I 
don't even want to mention the security implications of someone suddenly 
having my token...
So PAG support by e.g. pam_afs would be VERY appreciated.

Regards
Frank

----------------------------------------------------------------------------
Dr. Frank Bagehorn
Manager Infrastructure Services ZRL IS
IBM Zurich Research Lab.
Saeumerstr. 4
CH-8803 Rueschlikon 
Switzerland
----------------------------------------------------------------------------
SMTP: fba@zurich.ibm.com
Notes: Frank Bagehorn/Zurich/IBM@IBMCH
phone: ++41 (044) 724 83 23  fax: ++41 (044) 724 89 59

---------z22968_boundary_sign
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIIUOAIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBoIISWDCCAtow
ggJDoAMCAQICAwMUtjANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1
aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAy
MDExNDIyMDcxMVoXDTExMTIzMTIyMDcxMVowaTELMAkGA1UEBhMCVVMxNDAyBgNVBAoTK0ludGVy
bmF0aW9uYWwgQnVzaW5lc3MgTWFjaGluZXMgQ29ycG9yYXRpb24xJDAiBgNVBAMTG0lCTSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA629xc49NpAPz
cAsuShTImLRYMkyepDEkC1UrPbsFRyAFZKsv3pw0MGfW/+7glzJKgPkPzlTZZfznznGbmAWVnNBQ
lyPasOtCjif603euRXReHcKfHMPLItKozibWIPHJuOnwNclOnnP2sKufuPzbTImQTTi5c8JZNZcM
J0YFzTcCAwEAAaOBqjCBpzARBglghkgBhvhCAQEEBAMCAIcwDgYDVR0PAQH/BAQDAgHGMB0GA1Ud
DgQWBBSuVA6S6qgzqSskLcfIbzDc3vNKQDAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf
1DAPBgNVHRMBAf8EBTADAQH/MDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUH
AwMGCCsGAQUFBwMEMA0GCSqGSIb3DQEBBAUAA4GBADJye3NmC8q2PzypRZfu7JvDRDX1rRcanZvu
jQupk2oCScMd3FIHLE7hOfu8YffvxtLU3y8wNamQEORjTD175qAffryXypwtiVjBUKSDlBCQ14ke
McF9ViNdewEoBGiAycUq8R3Lrlf4TCDvW4GeguNTFFZnS0ygYATiJk7iDyvEMIIC2jCCAkOgAwIB
AgIDAxS2MA0GCSqGSIb3DQEBBAUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0w
KwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwMTE0MjIw
NzExWhcNMTExMjMxMjIwNzExWjBpMQswCQYDVQQGEwJVUzE0MDIGA1UEChMrSW50ZXJuYXRpb25h
bCBCdXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbjEkMCIGA1UEAxMbSUJNIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrb3Fzj02kA/NwCy5KFMiY
tFgyTJ6kMSQLVSs9uwVHIAVkqy/enDQwZ9b/7uCXMkqA+Q/OVNll/OfOcZuYBZWc0FCXI9qw60KO
J/rTd65FdF4dwp8cw8si0qjOJtYg8cm46fA1yU6ec/awq5+4/NtMiZBNOLlzwlk1lwwnRgXNNwID
AQABo4GqMIGnMBEGCWCGSAGG+EIBAQQEAwIAhzAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFK5U
DpLqqDOpKyQtx8hvMNze80pAMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/UMA8GA1Ud
EwEB/wQFMAMBAf8wMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYB
BQUHAwQwDQYJKoZIhvcNAQEEBQADgYEAMnJ7c2YLyrY/PKlFl+7sm8NENfWtFxqdm+6NC6mTagJJ
wx3cUgcsTuE5+7xh9+/G0tTfLzA1qZAQ5GNMPXvmoB9+vJfKnC2JWMFQpIOUEJDXiR4xwX1WI117
ASgEaIDJxSrxHcuuV/hMIO9bgZ6C41MUVmdLTKBgBOImTuIPK8QwggMgMIICiaADAgECAgQ13vTP
MA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQL
EyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODIyMTY0MTUxWhcN
MTgwODIyMTY0MTUxWjBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMk
RXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDBXbFYZwhi7qCaLR8IbZEUaJgKHv7aBG8ThGIhw9F8zp8F4LgB8E407OKKlQRkrPFr
U18Fs8tngL9CAo7+3QEJ7OEAFE/8+/AM3UO6WyvhH4BwmRVXkxbxD5dqt8JoIxzMTVkwrFEeO68r
1u5jRXvF2V9Q0uNQDzqI578U/eDHuQIDAQABo4IBCTCCAQUwcAYDVR0fBGkwZzBloGOgYaRfMF0x
CzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwGgYDVR0QBBMwEYEPMjAxODA4MjIx
NjQxNTFaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNV
HQ4EFgQUSOZo+SvSspXXR9gjIBBPM5iQn9QwDAYDVR0TBAUwAwEB/zAaBgkqhkiG9n0HQQAEDTAL
GwVWMy4wYwMCBsAwDQYJKoZIhvcNAQEFBQADgYEAWM4p6vz33rXOArkXtYXRuePglcwlMQ0AppJu
f7aSY55QldGab+QR3mOFbpjuqP9ayNNVsmZxV97AIes9KqcjSQEEhkJ7/O5/ohZStWdn00DbOyZY
sih3Pa4Ud2HW+ipmJ6AN+qdzXOpw8ZQhZURf+vzvKWipood573nvT6wHdzgwggMgMIICiaADAgEC
AgQ13vTPMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0w
KwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODIyMTY0
MTUxWhcNMTgwODIyMTY0MTUxWjBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsG
A1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDBXbFYZwhi7qCaLR8IbZEUaJgKHv7aBG8ThGIhw9F8zp8F4LgB8E407OKK
lQRkrPFrU18Fs8tngL9CAo7+3QEJ7OEAFE/8+/AM3UO6WyvhH4BwmRVXkxbxD5dqt8JoIxzMTVkw
rFEeO68r1u5jRXvF2V9Q0uNQDzqI578U/eDHuQIDAQABo4IBCTCCAQUwcAYDVR0fBGkwZzBloGOg
YaRfMF0xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNl
Y3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwGgYDVR0QBBMwEYEPMjAx
ODA4MjIxNjQxNTFaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf
1DAdBgNVHQ4EFgQUSOZo+SvSspXXR9gjIBBPM5iQn9QwDAYDVR0TBAUwAwEB/zAaBgkqhkiG9n0H
QQAEDTALGwVWMy4wYwMCBsAwDQYJKoZIhvcNAQEFBQADgYEAWM4p6vz33rXOArkXtYXRuePglcwl
MQ0AppJuf7aSY55QldGab+QR3mOFbpjuqP9ayNNVsmZxV97AIes9KqcjSQEEhkJ7/O5/ohZStWdn
00DbOyZYsih3Pa4Ud2HW+ipmJ6AN+qdzXOpw8ZQhZURf+vzvKWipood573nvT6wHdzgwggMmMIIC
j6ADAgECAgMCr3wwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxNDAyBgNVBAoTK0ludGVy
bmF0aW9uYWwgQnVzaW5lc3MgTWFjaGluZXMgQ29ycG9yYXRpb24xJDAiBgNVBAMTG0lCTSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxMTE4NTJaFw0wNjA3MjkxMTE4NTJaMIGFMQsw
CQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhFTVBMT1lFRTEXMBUGA1UEAxMORnJh
bmsgQmFnZWhvcm4xGTAXBgoJkiaJk/IsZAEBEwk5OTk3MzA4NDgxITAfBgkqhkiG9w0BCQEWEmZi
YUB6dXJpY2guaWJtLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsMljcpF1x+//X2Bh
sM6wIVMhYt51Zu/dNZmYT9Ab5z990kWi7c+r4o3x6pJuf5uOwD/5K9RBBiFfKOhdbKC+5MiFG2qH
p5vHfDcJkW8e1Rn+KQDCQEf7XSdZlhIXvitXO1GdZEUd6n4OwYtylanTwcGHz+8W2o8wgOL6QLG6
8W0CAwEAAaOBvjCBuzARBglghkgBhvhCAQEEBAMCBaAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQW
BBSE3XjE0gfxEYttZxuGAe5MDbDJ8jAtBgNVHREEJjAkoCIGCisGAQQBgjcUAgOgFAwSZmJhQHp1
cmljaC5pYm0uY29tMB8GA1UdIwQYMBaAFK5UDpLqqDOpKyQtx8hvMNze80pAMCcGA1UdJQQgMB4G
CCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwDQYJKoZIhvcNAQEEBQADgYEAR27vuhpBkeBt
TiEQTBMMR45mhRoh9Brg0D1DyNbMsFL3YbPSk9+28SIEUlQu1j2ATJXCooWw4Hl/4R+GYkjZyvog
F90/smfrcxPoe/GSktJ4jpGtuXTefSOz5nHbdw3zXL4RX2FqeYRrgyFeJd0d/Fgpp+tm/AiIpUy9
sqBTqdQwggMmMIICj6ADAgECAgMCr3wwDQYJKoZIhvcNAQEEBQAwaTELMAkGA1UEBhMCVVMxNDAy
BgNVBAoTK0ludGVybmF0aW9uYWwgQnVzaW5lc3MgTWFjaGluZXMgQ29ycG9yYXRpb24xJDAiBgNV
BAMTG0lCTSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxMTE4NTJaFw0wNjA3Mjkx
MTE4NTJaMIGFMQswCQYDVQQGEwJVUzEMMAoGA1UEChMDSUJNMREwDwYDVQQLEwhFTVBMT1lFRTEX
MBUGA1UEAxMORnJhbmsgQmFnZWhvcm4xGTAXBgoJkiaJk/IsZAEBEwk5OTk3MzA4NDgxITAfBgkq
hkiG9w0BCQEWEmZiYUB6dXJpY2guaWJtLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
sMljcpF1x+//X2BhsM6wIVMhYt51Zu/dNZmYT9Ab5z990kWi7c+r4o3x6pJuf5uOwD/5K9RBBiFf
KOhdbKC+5MiFG2qHp5vHfDcJkW8e1Rn+KQDCQEf7XSdZlhIXvitXO1GdZEUd6n4OwYtylanTwcGH
z+8W2o8wgOL6QLG68W0CAwEAAaOBvjCBuzARBglghkgBhvhCAQEEBAMCBaAwDgYDVR0PAQH/BAQD
AgXgMB0GA1UdDgQWBBSE3XjE0gfxEYttZxuGAe5MDbDJ8jAtBgNVHREEJjAkoCIGCisGAQQBgjcU
AgOgFAwSZmJhQHp1cmljaC5pYm0uY29tMB8GA1UdIwQYMBaAFK5UDpLqqDOpKyQtx8hvMNze80pA
MCcGA1UdJQQgMB4GCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwDQYJKoZIhvcNAQEEBQAD
gYEAR27vuhpBkeBtTiEQTBMMR45mhRoh9Brg0D1DyNbMsFL3YbPSk9+28SIEUlQu1j2ATJXCooWw
4Hl/4R+GYkjZyvogF90/smfrcxPoe/GSktJ4jpGtuXTefSOz5nHbdw3zXL4RX2FqeYRrgyFeJd0d
/Fgpp+tm/AiIpUy9sqBTqdQxggG7MIIBtwIBATBwMGkxCzAJBgNVBAYTAlVTMTQwMgYDVQQKEytJ
bnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0aW9uMSQwIgYDVQQDExtJQk0g
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkCAwKvfDAJBgUrDgMCGgUAoIGiMBgGCSqGSIb3DQEJAzEL
BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MDgxOTE2MzAwOVowIwYJKoZIhvcNAQkEMRYE
FL1d9Rj2j7e751AYPM4iqMEuF+OeMEMGCSqGSIb3DQEJDzE2MDQwBwYFKw4DAh0wDgYIKoZIhvcN
AwICAgCAMAoGCCqGSIb3DQMHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIGARWYymkWN
uK3FYkJMXQz7v3YPDqBxv6Cyd6mQYPOyc9NV18OI+SGF85xLbLuUmTZVBTv4+pJ1eJmRyOSOhYF4
4q2uT42tU2Mrl6MHsFTl6ODdggl015meCWwF/2JmmvjOi+rN1UaZuGS/72wBq8v5ygJ13ks8bBeL
3pfTkyxTSxkAAAAA

---------z22968_boundary_sign--