[OpenAFS-devel] Re: patch: make jafs work again (at least the libadmin portion)

Jeffrey Altman jaltman@columbia.edu
Sat, 15 Dec 2007 23:36:07 -0500


Marcus Watts wrote:
> The whole jafs/libadmin thing has serious problems.  libadmin has rxkad
> assumptions worked into its authentication logic.  I don't remember
> digging into the authentication part in particular, but I expect it
> probably does depend on ka (kaserver but fakeka should work as well) for
> authentication.  

The authentication dependencies are no deeper than the ktc_Auth...
calls.  We need to develop a Kerberos v5 ktc interface.

> It might well have platform specific issues, in which
> case Jeff probably knows as much as anybody what Windows can do there.

libadmin is used extensively on Windows.  More so there than on any
other platform because of the "Server Manager" tool.

> jafs has another whole set of problems on top.  It really likes to
> iterate down and get a list of *all* the users in a cell, a *lot*.
> I think it likes to get a list of all the volumes as well.  

libadmin has serious enumeration problems as well.  It doesn't cache
anything.  Every time it wants a list of servers it enumerates the entire
cell and calls DNS on each server address.  It performs the enumeration
for each server name it processes.

Things get really bad when there are server IP addresses without DNS
entries.

I've tried to improve some of the logic but in my opinion the whole
thing is seriously flawed and could use a total re-write.

> Some of
> this may be the demo program shipped as the sole documentation on how
> this all works, but some of this looks like wired-in software design.
> For a small "demo" system, jafs should work fine.  I really doubt it
> will work in a large scale environment, like we have here at UM.

For a test of libadmin against your environment use the Windows Server
Manager.

> I made some improvements in jafs for rxk5, and some fairly minimalist
> changes to libadmin to deal with authentication, plus also some changes
> to build with java 1.6.  I'm seriously considering coming up with a new
> lighter-weight "from-scratch" JNI implementation to solve some of the
> things folks want to do here at UM.

Please hold an open design discussion on openafs-devel.

Jeffrey Altman

