[OpenAFS] Any way to create srvtabs for use with kaserver...

Marcus Watts mdw@umich.edu
Sat, 02 Mar 2002 22:52:51 -0500


Eric Knudstrup <eric@knudstrup.org> writes:
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Any way to create srvtabs for use with kaserver...
> Message-ID: <1015125634.3c81968247711@knudstrup.org>
> From: Eric Knudstrup <eric@knudstrup.org>
> Date: Sat, 02 Mar 2002 19:20:34 -0800 (PST)
> 
> So, could I use KAM_GetRandomKey(), use that for KAM_CreateUser(), then save
> the
> EncryptionKey/struct ktc_encryptionKey off in a -r-------- file?
> Then I'm assuming I could use ka_Authenticate, or is there a better function?
> I had another question.  Is there a function that will give me a PAG?
> The API reference PDF is pretty vague...

Sure you can do that.  Once you've created your principal,
you could also make a K4 srvtab and use K4 library functions
instead.  A K4 srvtab looks something like this:

0000000   s   p   e   r   l  \0   t   e   s   t  \0   U   M   I   C   H
0000020   .   E   D   U  \0 003 277 320   I 313 001 217 032   z
0000036

Where
	principal's name:	sperl.test@UMICH.EDU
	kvno:			3
	key:			BFD049CB018F017A

That is:
	null terminated name
	null terminated instance
	null terminated realm (upper-case)
	1 byte kvno
	8 bytes key

multiple keys can be put in one srvtab -- just concatenate
them together.

The AFS library functions don't know about srvtabs (at least,
not out of the box).  It's easy enough to teach them how
to use one -- it's even possible to have an RX server (as opposed
to an AFS client application) that uses a srvtab.

To make a pag, call "setpag".  Or "lsegpag", if you want to avoid
linking in the rmtsys stuff.  Beware: don't call setpag too often.
If a bunch of them come in at once, the kernel may insert sleeps
to avoid executing more than one setpag per second.  If you have
an application that expects to authenticate itself as several different
things, it's better to do one setpag and reuse the pag for each
authentication.  If you are always using one cell, you don't need
to do any cleanup between uses.  If you plan on something more
complicated, you might want to unlog and clean out tokens
in the kernel.  It is good practice to unlog when you are through.
This avoids stuffing up kernel tables with lots of not quite
dead tokens.  The unlog is done with a pioctl -- look at the AFS
source for the "unlog" cmd to find out what it's called, and
what include files you need.

				-Marcus Watts
				UM ITCS Umich Systems Group