[OpenAFS] kerberos + pam

Douglas E. Engert deengert@anl.gov
Mon, 18 Oct 2004 10:51:40 -0500


Jeffrey Hutzelman wrote:

> 
> 
> On Friday, October 15, 2004 16:40:16 -0500 "Douglas E. Engert" 
> <deengert@anl.gov> wrote:
> 
>>
>>
>> Jeffrey Hutzelman wrote:
>>
>>> On Friday, October 15, 2004 13:39:44 -0500 "Douglas E. Engert"
>>> <deengert@anl.gov> wrote:
>>>
>>>> The gafstoken is a single routine that will issue a syscall to get a 
>>>> PAG
>>>> then fork/exec your favorite aklog to get a token. gafstoken has
>>>> no AFS or Kerberos dependiencies (other then knowing the PAG syscall)
>>>
>>>
>>>
>>> Does it implement the syscall replacement interface we use on Linux 2.6?
>>
>>
>> Not yet, but I suppose it could.
>>
>> The intent if the program was to make it simple so any vendor could build
>> it even if they did not have AFS. If run on as system without the AFS
>> syscall installed, the signal would be trapped.
>>
>> Give me a pointer to the replacemant, and I can look at whiat it would
>> take.
> 
> 
> The replacement basically consists of wrapping up the syscall arguments 
> in a structure, opening a magic file in /proc, and doing an ioctl with a 
> pointer to the structure as the argument.  If the file doesn't exist, 
> then you make the syscall the old-fashioned way.
> 
> Look at src/sys/afssyscalls.c:proc_afs_syscall()
> 

I have added the calls, and it compiles on Linux, but I don't have a 2.6
kernel with AFS to test with.

ftp://achilles.ctd.anl.gov/pub/DEE/gafstoken-0.2.tar

Any feed back is welcome.


> -- Jef
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444