[OpenAFS] Any way to create srvtabs for use with kaserver...

Eric Knudstrup eric@knudstrup.org
Wed, 06 Mar 2002 03:57:53 -0800 (PST) 

Ok, I put something together, now when I do a make I get this (I already nailed
down a bunch of other undefined references):

 make
gcc afssvcd.c -o afssvcd -I/usr/afsws/include /usr/afsws/lib/libubik.a
/usr/afsws/lib/libdes.a /usr/afsws/lib/afs/libprot.a
/usr/afsws/lib/afs/libauth.a /usr/afsws/lib/librxkad.a
/usr/afsws/lib/afs/libsys.a /usr/afsws/lib/librxstat.a /usr/afsws/lib/librx.a
/usr/afsws/lib/afs/libsys.a /usr/afsws/lib/liblwp.a /usr/afsws/lib/afs/libcmd.a
/usr/afsws/lib/afs/libcom_err.a /usr/afsws/lib/afs/util.a
/usr/afsws/lib/afs/libkauth.a /usr/afsws/lib/libafsrpc.a
/usr/afsws/lib/libafsauthent.a -lpthread
/usr/afsws/lib/libafsauthent.a(read_passwd.o): In function `des_read_password':
/usr/local/src/openafs-1.0.4/i386_linux22/obj/libafsauthent/../kauth/read_passwd.c:70:
undefined reference to `des_string_to_key'
collect2: ld returned 1 exit status

nm shows what seems to be a perfectly good "T" entry for des_string_to_key in
libdes.a.
What gives?  This seems to be inexplicable behavior to me...

TIA,

Eric

Quoting Marcus Watts <mdw@umich.edu>:

> Eric Knudstrup <eric@knudstrup.org> writes:
> > To: openafs-info@openafs.org
> > Subject: Re: [OpenAFS] Any way to create srvtabs for use with
> kaserver...
> > Message-ID: <1015125634.3c81968247711@knudstrup.org>
> > From: Eric Knudstrup <eric@knudstrup.org>
> > Date: Sat, 02 Mar 2002 19:20:34 -0800 (PST)
> > 
> > So, could I use KAM_GetRandomKey(), use that for KAM_CreateUser(),
> then save
> > the
> > EncryptionKey/struct ktc_encryptionKey off in a -r-------- file?
> > Then I'm assuming I could use ka_Authenticate, or is there a better
> function?
> > I had another question.  Is there a function that will give me a
> PAG?
> > The API reference PDF is pretty vague...
> 
> Sure you can do that.  Once you've created your principal,
> you could also make a K4 srvtab and use K4 library functions
> instead.  A K4 srvtab looks something like this:
> 
> 0000000   s   p   e   r   l  \0   t   e   s   t  \0   U   M   I   C  
> H
> 0000020   .   E   D   U  \0 003 277 320   I 313 001 217 032   z
> 0000036
> 
> Where
> 	principal's name:	sperl.test@UMICH.EDU
> 	kvno:
		3
> 	key:
		BFD049CB018F017A
> 
> That is:
> 	null terminated name
> 	null terminated instance
> 	null terminated realm (upper-case)
> 	1 byte kvno
> 	8 bytes key
> 
> multiple keys can be put in one srvtab -- just concatenate
> them together.
> 
> The AFS library functions don't know about srvtabs (at least,
> not out of the box).  It's easy enough to teach them how
> to use one -- it's even possible to have an RX server (as opposed
> to an AFS client application) that uses a srvtab.
> 
> To make a pag, call "setpag".  Or "lsegpag", if you want to avoid
> linking in the rmtsys stuff.  Beware: don't call setpag too often.
> If a bunch of them come in at once, the kernel may insert sleeps
> to avoid executing more than one setpag per second.  If you have
> an application that expects to authenticate itself as several
> different
> things, it's better to do one setpag and reuse the pag for each
> authentication.  If you are always using one cell, you don't need
> to do any cleanup between uses.  If you plan on something more
> complicated, you might want to unlog and clean out tokens
> in the kernel.  It is good practice to unlog when you are through.
> This avoids stuffing up kernel tables with lots of not quite
> dead tokens.  The unlog is done with a pioctl -- look at the AFS
> source for the "unlog" cmd to find out what it's called, and
> what include files you need.
> 
> 	
		-Marcus Watts
> 	
		UM ITCS Umich Systems Group
>