[OpenAFS] kerberos + pam
Douglas E. Engert
deengert@anl.gov
Mon, 18 Oct 2004 10:51:40 -0500
Jeffrey Hutzelman wrote:
>
>
> On Friday, October 15, 2004 16:40:16 -0500 "Douglas E. Engert"
> <deengert@anl.gov> wrote:
>
>>
>>
>> Jeffrey Hutzelman wrote:
>>
>>> On Friday, October 15, 2004 13:39:44 -0500 "Douglas E. Engert"
>>> <deengert@anl.gov> wrote:
>>>
>>>> The gafstoken is a single routine that will issue a syscall to get a
>>>> PAG
>>>> then fork/exec your favorite aklog to get a token. gafstoken has
>>>> no AFS or Kerberos dependiencies (other then knowing the PAG syscall)
>>>
>>>
>>>
>>> Does it implement the syscall replacement interface we use on Linux 2.6?
>>
>>
>> Not yet, but I suppose it could.
>>
>> The intent if the program was to make it simple so any vendor could build
>> it even if they did not have AFS. If run on as system without the AFS
>> syscall installed, the signal would be trapped.
>>
>> Give me a pointer to the replacemant, and I can look at whiat it would
>> take.
>
>
> The replacement basically consists of wrapping up the syscall arguments
> in a structure, opening a magic file in /proc, and doing an ioctl with a
> pointer to the structure as the argument. If the file doesn't exist,
> then you make the syscall the old-fashioned way.
>
> Look at src/sys/afssyscalls.c:proc_afs_syscall()
>
I have added the calls, and it compiles on Linux, but I don't have a 2.6
kernel with AFS to test with.
ftp://achilles.ctd.anl.gov/pub/DEE/gafstoken-0.2.tar
Any feed back is welcome.
> -- Jef
>
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444