[OpenAFS] SAMBA - AFS bridge?

Kevin Rowland krowland@nd.edu
Mon, 12 Nov 2001 08:56:28 -0500


The University of Michigan implemented a Network Provider module that
interfaces with a kerberized "rendezvous" daemon that runs on each samba
server. The idea is this:

Let the client obtain its own AFS token, connect to the rendezvous
daemon, supply the token, receive a random "cookie" to be used as a
password, close connection to rendezvous and continue with the SMB
connection to the samba server replacing the user's *real* password (or
NTLM hash) with the cookie (or hash of cookie) that was obtained. The
connection with the rendezvous daemon uses kerberos session keys for
encryption (thus requiring a Kerberos client to be available to the
Network Provider -- I'm working on using MIT KfW for that).

When the samba server receives the connection attempt, it looks in the
rendezvous file for the token to use (based on cookie given, IP
address, username, etc...). If a match is found, the corresponding token
is set in the kernel (via pioctl()) and you're on your way...

It does take a little development on the Win32 side to get the Network
Provider, but the concept seems sound to me and worth investigating if
you have some time to develop.

UMICH's work can be found here:
http://rsug.itd.umich.edu/software/ksamba.html

-- kevin

/------------------------------------\
| Kevin Rowland                      |
| Sr. Systems Engineer               |
| Office of Information Technology   |
| University of Notre Dame           |
\------------------------------------/

"Tompkins, Joel L" wrote:
> 
> Can anyone out there tell me if there is any kind of SAMBA - AFS
> bridge?? (apologies to Charles Clancy for the mis-send)
> 
> Joel Tompkins
> Senior Information Systems Engineer
> Boise Cascade Corporation
> 208-384-6415
> joel_tompkins@bc.com
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

--
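
The cookie-for-token rendezvous lookup described in the message above, modeled as an added example (not part of the original post and not UMICH's ksamba code). The class and method names, the in-memory dict standing in for the rendezvous file, the 30-second lifetime and the single-use rule are assumptions; the Kerberos-protected channel and the pioctl() call that sets the token are not shown.

```python
import hmac
import secrets
import time

class RendezvousStore:
    """In-memory stand-in for the rendezvous file (hypothetical model)."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._ttl = ttl          # assumed cookie lifetime in seconds
        self._clock = clock
        self._entries = {}       # (username, client_ip) -> (cookie, token, expiry)

    def register(self, username, client_ip, afs_token):
        """Daemon side: store the supplied token, hand back a random cookie."""
        cookie = secrets.token_hex(16)   # 128 bits from the OS CSPRNG
        expiry = self._clock() + self._ttl
        self._entries[(username, client_ip)] = (cookie, afs_token, expiry)
        return cookie

    def redeem(self, username, client_ip, presented):
        """Samba side: return the token for a matching cookie, else None."""
        key = (username, client_ip)
        entry = self._entries.get(key)
        if entry is None:
            return None
        cookie, token, expiry = entry
        if self._clock() > expiry:
            del self._entries[key]       # stale entry: drop it
            return None
        if not hmac.compare_digest(cookie.encode(), presented.encode()):
            return None                  # constant-time compare failed
        del self._entries[key]           # single use: a replayed cookie fails
        return token

def demo():
    """Run the constructed scenario with a fake clock; return each outcome."""
    now = [0.0]
    store = RendezvousStore(ttl=30.0, clock=lambda: now[0])
    token = b"constructed-afs-token"     # placeholder, not a real AFS token
    who = ("alice", "192.0.2.10")        # constructed user and client address
    cookie = store.register(*who, token)
    out = {"wrong_ip": store.redeem("alice", "192.0.2.99", cookie),
           "wrong_cookie": store.redeem(*who, "not-the-cookie"),
           "ok": store.redeem(*who, cookie),
           "replay": store.redeem(*who, cookie)}
    stale = store.register(*who, token)
    now[0] = 31.0                        # advance past the 30 s lifetime
    out["expired"] = store.redeem(*who, stale)
    return out
```

Binding the cookie to username and client address, expiring it quickly and deleting it on first use limit what a cookie captured from the SMB exchange is worth.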