[OpenAFS-devel] Krb5-only and KeyFile?

Henry B. Hotz hotz@jpl.nasa.gov
Wed, 8 Jun 2005 00:18:40 -0700 

The krbafs lib from MIT is a (much!) older version of libkafs which  
builds against MIT quite nicely.  Doesn't have any of the nice K5  
ticket stuff in it, and what K5 stuff it has isn't documented.

The latest libkafs in Heimdal has a man page that describes (some of)  
the K5 stuff it does.

Is there a man page for libsys?

On Jun 7, 2005, at 9:01 AM, openafs-devel-request@openafs.org wrote:

> Date: Mon, 06 Jun 2005 21:07:26 -0400
> From: Jeffrey Hutzelman <jhutz@cmu.edu>
> To: Russ Allbery <rra@stanford.edu>, openafs-devel@openafs.org
> Subject: Re: [OpenAFS-devel] Krb5-only and KeyFile?
>
>
>
> On Monday, June 06, 2005 05:26:02 PM -0700 Russ Allbery  
> <rra@stanford.edu>
> wrote:
>
>> Troy Benjegerdes <hozer@hozed.org> writes:
>>
>>> So, if I'm interested in getting openafs/src/aklog/ updated, and
>>> included, would it maybe be best to try to port libkafs to work with
>>> both heimdal and MIT kerberos? (and the corresponding configure  
>>> hackery
>>> to auto-detect which flavor?)
>>
>> The bits you need to do the kernel stuffing should already be in  
>> libsys
>> (just to avoid creating yet more OpenAFS libraries).  This is where  
>> the
>> previous discussion about providing a shared AFS system call interface
>> library comes up, though, and the general feeling was that the autoreg
>> stuff was important enough that you need PTS anyway, at which point  
>> you
>> may as well just link with the regular AFS libraries and not worry  
>> about
>> limited libraries like libkafs.
>
>
> In general, I would strongly discourage folks from writing their own  
> code
> to do token-stuffing or other AFS syscalls if at all possible, and  
> instead
> to use one of libsys or libkafs.
>
> I would also argue strongly against including code in OpenAFS which  
> depends
> on libkafs rather than using libsys.  The reason is that as OpenAFS is
> ported to new platforms (and new versions of existing platforms), the
> user<->kernel interface is likely to change, and libsys usually knows  
> about
> these changes sooner than libkafs.
>
> -- Jeff
>
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu