[OpenAFS] clientName.name: AFS ID v. UNIX UID

[David Botsch]

Right. However, if I want to get a list of what afs id's in what cells 
I have tokens as, it doesn't seem I can do this, then, if that portion 
of the token is not of the form AFS ID XXXX (unless someone can come up 
with another method for getting a list of AFS IDs in what cells I have 
tokens other than just looking at the tokens I have).

Looking at the klog.c code, I've put a wrapper around it which takes in 
the username and password and cell name. So, I then pass that off to 
ka_UserAuthenticateGeneral. The result, however, is that if I log into 
one cell and then log into a second cell (where my afs uid is different 
from the first), I will typically, but not always, get the message: 
"UserAuthenticate: ptserver: User or group doesn't exist translating 
username to id"

It's as if the code is somehow talking to the ptserver from the first 
login or not reinitializing itself properly.

Since I cannot seem to reproduce this using commandline klog.krb, what 
function resets things, so to speak?

I'm calling:

int code;
char * theuname, thepass, thecell, reason;
afs_int32 password_expires = -1;


/* Obviously, theuname, thepass, and thecell get set to the username, 
password, and name of the cell */
code = ka_UserAuthenticateGeneral (KA_USERAUTH_VERSION + 0, theuname, 
"", thecell, thepass, lifetime, &password_expires, 0, &reason);

return code;

Thanks!


On 2003.06.12 19:19 Marcus Watts wrote:
> David Botsch <dwb7@ccmr.cornell.edu> wonders:
> > Delivered-To: openafs-info@openafs.org
> > From: David Botsch <dwb7@ccmr.cornell.edu>
> > To: openafs-info@openafs.org
> > Message-ID: <20030612223932.GA2039@domino.ccmr.cornell.edu>
> > Date: Thu, 12 Jun 2003 18:39:32 -0400
> >
> > I have noted in afs source code for tokens.c that clientName.name
> can
> > take the form AFS ID XXXX or Unix UID XXXX or some other forms.
> >
> > What makes the determination on which one of these forms it takes
> and
> > what does this mean?
> >
> > Thanks!
> 
> The short answer is "it doesn't mean a thing".
> 
> The longer answer is that the logic in log/tokens.c is actually driven
> by logic in auth/ktc.c which is where "aclient->name" gets filled in
> with with ct.ViceID.  There's an even-oddness kludge that drives this.
> ct.ViceID comes from the cache manager, but the cache manager doesn't
> actually use this for anything useful (apparently not even error
> messages).  The cache manager is actually just returning the token
> that
> some other program, such as klog, login, or aklog stuffed into the
> kernel.  So it's actually that program that drives which message you
> see.
> 
> The reason why the "ID" doesn't matter is that the only thing that
> really determines your file access is your username in your ticket,
> and
> what the fileserver gets back from ptserver when it does a "GetCPS" on
> that username.  The cache manager never sees this exchange, and
> certainly doesn't have a way to lie about it.
> 
> aklog (at least some versions) has a flag -noprdb that turns off the
> "AFS ID" lookup; the main result without this is that aklog runs
> slightly faster.  So that's an easy way to experiment with the
> difference such as it is.
> 
> 				-Marcus Watts
> 				UM ITCS Umich Systems Group
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
> 

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************