[OpenAFS] Any way to create srvtabs for use with kaserver...

Derek Atkins warlord@MIT.EDU
06 Mar 2002 10:20:10 -0500 

Move /usr/afsws/lib/libdes.a later in the list.  Link-order matters.

-derek

Eric Knudstrup <eric@knudstrup.org> writes:

> Ok, I put something together, now when I do a make I get this (I already nailed
> down a bunch of other undefined references):
> 
>  make
> gcc afssvcd.c -o afssvcd -I/usr/afsws/include /usr/afsws/lib/libubik.a
> /usr/afsws/lib/libdes.a /usr/afsws/lib/afs/libprot.a
> /usr/afsws/lib/afs/libauth.a /usr/afsws/lib/librxkad.a
> /usr/afsws/lib/afs/libsys.a /usr/afsws/lib/librxstat.a /usr/afsws/lib/librx.a
> /usr/afsws/lib/afs/libsys.a /usr/afsws/lib/liblwp.a /usr/afsws/lib/afs/libcmd.a
> /usr/afsws/lib/afs/libcom_err.a /usr/afsws/lib/afs/util.a
> /usr/afsws/lib/afs/libkauth.a /usr/afsws/lib/libafsrpc.a
> /usr/afsws/lib/libafsauthent.a -lpthread
> /usr/afsws/lib/libafsauthent.a(read_passwd.o): In function `des_read_password':
> /usr/local/src/openafs-1.0.4/i386_linux22/obj/libafsauthent/../kauth/read_passwd.c:70:
> undefined reference to `des_string_to_key'
> collect2: ld returned 1 exit status
> 
> nm shows what seems to be a perfectly good "T" entry for des_string_to_key in
> libdes.a.
> What gives?  This seems to be inexplicable behavior to me...
> 
> TIA,
> 
> Eric
> 
> Quoting Marcus Watts <mdw@umich.edu>:
> 
> > Eric Knudstrup <eric@knudstrup.org> writes:
> > > To: openafs-info@openafs.org
> > > Subject: Re: [OpenAFS] Any way to create srvtabs for use with
> > kaserver...
> > > Message-ID: <1015125634.3c81968247711@knudstrup.org>
> > > From: Eric Knudstrup <eric@knudstrup.org>
> > > Date: Sat, 02 Mar 2002 19:20:34 -0800 (PST)
> > > 
> > > So, could I use KAM_GetRandomKey(), use that for KAM_CreateUser(),
> > then save
> > > the
> > > EncryptionKey/struct ktc_encryptionKey off in a -r-------- file?
> > > Then I'm assuming I could use ka_Authenticate, or is there a better
> > function?
> > > I had another question.  Is there a function that will give me a
> > PAG?
> > > The API reference PDF is pretty vague...
> > 
> > Sure you can do that.  Once you've created your principal,
> > you could also make a K4 srvtab and use K4 library functions
> > instead.  A K4 srvtab looks something like this:
> > 
> > 0000000   s   p   e   r   l  \0   t   e   s   t  \0   U   M   I   C  
> > H
> > 0000020   .   E   D   U  \0 003 277 320   I 313 001 217 032   z
> > 0000036
> > 
> > Where
> > 	principal's name:	sperl.test@UMICH.EDU
> > 	kvno:
> 		3
> > 	key:
> 		BFD049CB018F017A
> > 
> > That is:
> > 	null terminated name
> > 	null terminated instance
> > 	null terminated realm (upper-case)
> > 	1 byte kvno
> > 	8 bytes key
> > 
> > multiple keys can be put in one srvtab -- just concatenate
> > them together.
> > 
> > The AFS library functions don't know about srvtabs (at least,
> > not out of the box).  It's easy enough to teach them how
> > to use one -- it's even possible to have an RX server (as opposed
> > to an AFS client application) that uses a srvtab.
> > 
> > To make a pag, call "setpag".  Or "lsegpag", if you want to avoid
> > linking in the rmtsys stuff.  Beware: don't call setpag too often.
> > If a bunch of them come in at once, the kernel may insert sleeps
> > to avoid executing more than one setpag per second.  If you have
> > an application that expects to authenticate itself as several
> > different
> > things, it's better to do one setpag and reuse the pag for each
> > authentication.  If you are always using one cell, you don't need
> > to do any cleanup between uses.  If you plan on something more
> > complicated, you might want to unlog and clean out tokens
> > in the kernel.  It is good practice to unlog when you are through.
> > This avoids stuffing up kernel tables with lots of not quite
> > dead tokens.  The unlog is done with a pioctl -- look at the AFS
> > source for the "unlog" cmd to find out what it's called, and
> > what include files you need.
> > 
> > 	
> 		-Marcus Watts
> > 	
> 		UM ITCS Umich Systems Group
> > 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available