[OpenAFS-devel] Progress on Linux in-kernel RxRPC library
Kyle Moffett
mrmacman_g4@mac.com
Sun, 20 Mar 2005 23:33:37 -0500
On Mar 20, 2005, at 22:19, Derrick J Brashear wrote:
> On Sun, 20 Mar 2005, Kyle Moffett wrote:
>
>>>> what format the Kerberos stuff is in, you only care that _something_
>>>> understands it enough to give you an OpenAFS token when you want
>>>> one.
>>> Well, that's not entirely true. The RPC layer needs to be able to choose a
>>> single credential out of the cache it has.
>>
>> Fine, so tell call_usermode_helper to set the KEY_ID environment variable
>> before calling the program.
>
> I think we're talking at cross purposes here. What would that accomplish?
> What I'm getting at is I assume (something) writes the Kerberos credential
> cache into a key.

Why do you need the Kerberos credentials? As I understand it, for any given
RxRPC connection, all you need is the OpenAFS token, nothing more. I envision
a "linuxklog" tool that basically does this:
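
int main() {
    kerberos_ticket_t *tgt, *srvtkt;
    afs_token_t *tok;

    kerberos_init();
    /* Read the AFS service ticket if one is already available;
     * otherwise obtain it with the TGT. */
    if (!(srvtkt = kerberos_read_ticket("afs/<cell>"))) {
        tgt = kerberos_read_ticket("krbtgt/<realm>");
        srvtkt = kerberos_get_ticket(tgt, "afs/<cell>");
    }
    /* Convert the service ticket to an AFS token and pass it to the kernel. */
    tok = token_from_ticket(srvtkt);
    put_token_to_kernel(tok);
    kerberos_exit();
    exit(0);
}
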
The only part OpenAFS would care about is the format of "afs_token_t" when
it gets sent from userspace to the kernel. Since you're using an external
Kerberos library, you don't care about Kerberos config or tickets or
anything else.

Cheers,
Kyle Moffett