[OpenAFS-devel] hidden commands

Marcus Watts mdw@spam.ifs.umich.edu
Sat, 09 Jun 2007 04:32:05 -0400


"Steven Jenkins" <steven.jenkins@gmail.com> sent:
...
> > At umich.edu when we were running kaserver, we ran with "GETPASSWORD"
> > enabled.  We used it so that we could rename principals -- ptserver has a
> > rename option, but kaserver doesn't.  With special code running on the kdc
> > though, we could fetch the key, save it, delete the old ka instance,
> > create a new ka instance, and restore the user's key.  Since k4 keys
> > didn't depend on the principal (only the cell), this worked.
> >
> ...
> 
> Would removing the code from the src tree be the best option at this point?

Why?  And which code are you talking about?

uniqname code to handle renaming principals in kaserver?
kaprocs.c code kamGetPassword?
kaprocs.c code kamGetEntry if logic for memcpy(&aentry->key... ?
admin_tools.c GetPassword command?
kauth.rg Getpassword grammar?

I think some more beneficial things we could do which would move
retiring kaserver forward include:

/1/ revise install directions to describe installing with
    kerberos V kdc by default. (both MIT & heimdal?)
/2/ put --enable-kaserver/--disable-kaserver into distributions.
/3/ make klog.k5 (from cvs head) the default in distributions.

I think a lot of sites already run without kaserver, so these
3 things should be close to reflecting status quo.  /1/ has
already come up several times--have we done something about this yet?

The rxk5 version of klog.k5 may have an interesting use of CMD_HIDDEN.
It has options "-k4" and "-k5" to enable the use of rxkad or rxk5.
If built without rxk5 support, it still supports the "-k4" option,
but makes it hidden.

				-Marcus