[OpenAFS-devel] GSOC 2010: Userspace NFS->AFS translator

Jeffrey Hutzelman jhutz@cmu.edu
Thu, 08 Apr 2010 16:36:28 -0400 

--On Tuesday, April 06, 2010 02:20:20 AM +0200 Nitish Sharma 
<sharmanitishdutt@gmail.com> wrote:

> Hello everyone,
> I, Nitish Dutt Sharma, am a Computer Science masters student and highly
> interested in making contribution to OpenAFS project through GSoc 2010. I
> recently came across OpenAFS project, while researching  for my
> Distributed Systems course. The project sounds very appealing to me.
> I have good experience in C, by the work I've done in GNU/Linux kernel
> development, and right now I am working with a group on Android kernel
> development. I also have, relatively less as compared to C, experience in
> C++, Java and python.
> *Userspace NFS -> AFS translator* project interested me the most and I
> believe I have the appropriate skill set required for this project.
> I am relatively new to OpenAFS, but have experience using NFS. I discussed
> the project on IRC channel and received very good pointers to approach it.
> I've started studying the AFS documentation and will try to come up with a
> rough proposal draft, very soon.
> Since, one of the critical part of this project involves authentication
> mappings, it would be great if someone could provide me with resource for
> OpenAFS authentication, or Is it exactly same as Kerberos (and I should
> rather study it)? Any other suggestions/advices/resources are also
> welcome. Also, please let me know who could possibly mentor this project.

Actually, a translator which provided only unauthenticated access to AFS 
would likely be quite useful, and I suspect that alone will be a fairly 
substantial piece of work.  Dealing with user credentials will be a fairly 
late part of the project, if it fits into the GSoC timeline at all.

In any case, this project is expected to be built on top of OpenAFS's 
existing userspace cache manager, libuafs, which will handle most of the 
authentication details.  The translator will be responsible for accepting 
and storing credentials from users, keeping track of which credentials 
belong to which NFS clients, and handling libuafs the correct credentials 
for each operation.  Likely it will want to support OpenAFS's remote system 
call (rmtsys) interface as well as some form of local tool for managing 
credentials.

At its core, AFS's authentication is based on Kerberos.  There are really 
quite a lot of AFS-specific bits, but if you understand how Kerberos works 
well enough to use it and correctly deploy simple services, you should have 
sufficient knowledge for the authentication-related parts of this task.

-- Jeff