[OpenAFS-devel] Re: patch: make jafs work again (at least the libadmin portion)

Marcus Watts mdw@spam.ifs.umich.edu
Sat, 15 Dec 2007 21:22:20 -0500 

> Date:    Sat, 15 Dec 2007 08:36:34 PST
> To:      openafs-devel@openafs.org
> From:    Adam Megacz <megacz@cs.berkeley.edu>
> Subject: [OpenAFS-devel] Re: patch: make jafs work again (at least the libadmin
>      *** portion)
> 
> Jeffrey Altman <jaltman@secure-endpoints.com> writes:
> >>     cache manager).  This calls afsclient_TokenGetExisting().  Use
> >>     this if you're in a non-kaserver cell.
> 
> > Can you explain why this is specific to a non-kaserver cell?
> 
> I don't believe that it is the case.  I intended to indicate the
> converse: that non-kaserver cells need to use this mechanism and not
> the other.
> 
> It was my understanding that the preexisting username/password
> constructor only works with kaserver, but I could be completely wrong
> there.  But if that's the case, then the constructor I added is the
> only one that would work in a non-kaserver cell.
> 
>   - a
> 
> -- 
> PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380

The whole jafs/libadmin thing has serious problems.  libadmin has rxkad
assumptions worked into its authentication logic.  I don't remember
digging into the authentication part in particular, but I expect it
probably does depend on ka (kaserver but fakeka should work as well) for
authentication.  It might well have platform specific issues, in which
case Jeff probably knows as much as anybody what Windows can do there.

jafs has another whole set of problems on top.  It really likes to
iterate down and get a list of *all* the users in a cell, a *lot*.
I think it likes to get a list of all the volumes as well.  Some of
this may be the demo program shipped as the sole documentation on how
this all works, but some of this looks like wired-in software design.
For a small "demo" system, jafs should work fine.  I really doubt it
will work in a large scale environment, like we have here at UM.

I made some improvements in jafs for rxk5, and some fairly minimalist
changes to libadmin to deal with authentication, plus also some changes
to build with java 1.6.  I'm seriously considering coming up with a new
lighter-weight "from-scratch" JNI implementation to solve some of the
things folks want to do here at UM.

				-Marcus Watts