[OpenAFS-devel] Interest in Contributing to AFSIO GSoC Project

[Michael Meffie]

On Fri, 21 Mar 2025 00:55:24 +0530
Krishay Rathaure <krishayrathaureimkr@gmail.com> wrote:

> Dear Mentors,
> 
> I hope this email finds you well.
> 
> My name is Krishay Rathaure, and I'm a B.Tech student at the Indian
> Institute of Technology Indore, India. I've two years of experience in C
> programming, network security, and CLI development, including leading a CTF
> team and collaborating on multiple projects at national hackathons. Given
> my passion for distributed file systems and open-source software, I am
> excited about the afsio: Add Mount Point and ACL Creation Support project
> for GSoC.
> 
> I have been exploring the OpenAFS repository and reviewing afsio’s
> functionality, and I’m eager to contribute by extending these commands and
> refining my proposal based on your guidance.

Hello Krishay,

Thank you for your interest in OpenAFS.

> To ensure my proposal aligns with the project’s needs, I would appreciate
> clarification on a few points:
> 
>    1. What is the best practice for enabling authenticated access in afsio?
>    Should I integrate existing mechanisms (such as "aklog" with system calls)
>    or consider alternative approaches?

A general solution will be quite challenging.  Currently, authenticated access
requires the kernel module since tokens are stored in the kernel. The afsio
runs without the kernel, so the tokens are not present.  See the code in
src/auth/authcon.c for more details. It could be possible to construct a token
from the user's kerberos ticket (as is done by aklog) in userspace and use that
for the Rx security class.

A first step may be to just support a "-localauth" option, like is already
present in other commands.  This would only be useful for limited scenarios.
The user would be required to run afsio on a machine that has the service
keys and would need to have permissions to read the keys, e.g. running
as root on a fileserver.  But even this could be useful for setting up
a new cell before a cache manager is ready.


>    2. How is mount point creation expected to interact with AFS volumes?
>    Are there specific system calls or libraries you prefer for this
>    functionality?

afsio is based on our library called libafscp. I expect that library would
need to be extended. Mount points are actually symlinks with a special target
syntax.

>    3. Are there any areas in the current afsio interface that need
>    immediate improvement or could benefit from a redesign?

I think that would be out of scope for this 12 week project, it will
be challenging enough.

>    4. What testing methods do you recommend for different system
>    configurations (e.g., containers or VMs)?

I think you'll want to have at least one virtual machine with the unchanged
cache manager (with the kernel module running) to test and check.  Normally
you'll want to setup a test cell on one or more virtual machines. This
can be done manually or with Ansible, for example.


> I would love to hear your thoughts on these focus areas and any recommended
> initial contributions before the application period. Please let me know if
> you have any questions for me.
> 
> Thank you for your time. I look forward to your response and suggestions.
> 
> Best regards,
> Krishay Rathaure
> Linkedin <https://www.linkedin.com/in/krishay-rathaure/>
> +91-9810309960

Thanks Krishay.


-- 
Michael Meffie <mmeffie@sinenomine.net>