[OpenAFS-devel] JAFS make error

Marcus Watts mdw@spam.ifs.umich.edu
Sat, 09 Jun 2007 03:57:40 -0400 

kane96@gmx.de writes:
> Date:    Fri, 08 Jun 2007 13:42:07 +0200
> To:      OpenAFS-devel@openafs.org
> From:    kane96@gmx.de
> Subject: Re: [OpenAFS-devel] JAFS make error
> 
> > I used "--disable-transarc-paths" and JAFS can find the local-cell-name
> > now.
> > But there is the next error when creating token t0 in testAFS.java:
> > 
> > Ubik Call failedAFSException: Error Code: 180498; Message: Ubik Call
> > failed
> > 
> > 	at org.openafs.jafs.Token.getToken(Native Method)
> > 	at org.openafs.jafs.Token.login(Token.java:252)
> > 	at org.openafs.jafs.Token.<init>(Token.java:166)
> > 	at testAFS.main(testAFS.java:643)
> > 
> 
> I think the problem is that we use Kerberos V and not kaserver.
> Are there any implementations for authentification on Kerberos V for JAFS? 

All the recent releases of openafs contain exactly the same copy of jafs,
and that copy of jafs requires kaserver.

You don't say what version of Kerberos V you are running.  If you
were running MIT kerberos V, you could also build and run fakeka.
That won't get you a working version of jafs, but it will get you closer.
jafs uses afsclient_TokenGetNew from libclientadmin.a - which always
calls both GetAFSToken (which will work you run fakeka), and GetKASToken
(which will *not* work with fakeka.)

So, I'm working on an improved version of jafs.  I plan to do these
three things:

/1/ make it work without kas.
/2/ make it work with kerberos 5 + rxkad.
/3/ make it work with kerberos 5 + rxk5.
I'm now discovering I also need to do a bit of
/4/ fix stupid error handling.
	There are a lot of places both in the test utility and in
	libjafs where the error behavior is to loop forever printing
	error messages.

I have something that gets past /1/, but runs into assorted
problems after that.  It didn't like not having /afs/.<cell> available,
the missing kas token caused other things to blow up, &etc.

I don't actually like the way that "Token" works at all.  Passing in
cellname is ok.  Passing in the user identity is ok, although passing in
an empty/null name to set noauth mode is interesting.  Passing in a
password sucks.  For an automated process, I'd also like to be able to
work with srvtabs, keytabs, getting a token from an already-authenticated
pag, or using an existing kerberos 5 credentials cache.  I'm not at
all sure how a java programmer would expect to do these things.

				-Marcus Watts