[OpenAFS-devel] Krb5-only and KeyFile?
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 06 Jun 2005 21:07:26 -0400
On Monday, June 06, 2005 05:26:02 PM -0700 Russ Allbery <rra@stanford.edu>
wrote:
> Troy Benjegerdes <hozer@hozed.org> writes:
>
>> So, if I'm interested in getting openafs/src/aklog/ updated, and
>> included, would it maybe be best to try to port libkafs to work with
>> both heimdal and MIT kerberos? (and the corresponding configure hackery
>> to auto-detect which flavor?)
>
> The bits you need to do the kernel stuffing should already be in libsys
> (just to avoid creating yet more OpenAFS libraries). This is where the
> previous discussion about providing a shared AFS system call interface
> library comes up, though, and the general feeling was that the autoreg
> stuff was important enough that you need PTS anyway, at which point you
> may as well just link with the regular AFS libraries and not worry about
> limited libraries like libkafs.
In general, I would strongly discourage folks from writing their own code
to do token-stuffing or other AFS syscalls if at all possible, and instead
to use one of libsys or libkafs.
I would also argue strongly against including code in OpenAFS which depends
on libkafs rather than using libsys. The reason is that as OpenAFS is
ported to new platforms (and new versions of existing platforms), the
user<->kernel interface is likely to change, and libsys usually knows about
these changes sooner than libkafs.
-- Jeff