[OpenAFS] Kernel module on sparc64

Gunnar Krull gklists@cs.uni-goettingen.de
Thu, 7 Dec 2006 11:04:41 +0100


On Thursday 07 December 2006 10:03, Marcus Watts wrote:
> Gunnar Krull <gklists@cs.uni-goettingen.de> and others wrote:
> ...
>
> > > > I think that's the reason why my token gets discarded when trying to
> > > > access a  protected folder of our afs filespace:
> > > >   afs: Tokens for user of AFS id 1032 for cell ****** are discarded
> > > > (rxkad  error=19270410)
> > >
> > > 19270410 is RXKADSEALEDINCON, which effectively means that either you
> > > or the fileserver is not encrypting data correctly.  Usually it means
> > > that one of you is using the wrong key, but in this case, there is a
> > > known problem on some 64-bit platforms, which should be fixed in the
> > > next release.
> >
> > The encryption and keys on the server side are correct. I've checked this
> > to be sure that the problem is the client. Sparc64 in combination with
> > Linux/Debian is the only effected architecture here.
> >
> > So, I'm waiting impatiently for the fixed release ...
>
> This sounds like it might be the same problem that Steve Roseman
> <sgr0@Lehigh.EDU> ran into on powerpc.  In his case, his cache manager
> was using wrong-endian encryption right at the point of setting up an
> encrypted rx connection with a fileserver, so wasn't in fact capable of
> doing authenticated file access.  The definitive proof would be to use
> tcpdump & knowledge of the keys used to prove this is what happening,
> but you probably won't need to do that.
>
> I would be *very* interested in knowing two things:
>
> /1/ do pts and other userland commands work while using authenticated
> access with a token immediately before you access afs filespace and lose
> that token?
> 	( since your error report contains your vice id, this
> 	seems likely to be true. )

Yes, that works.
I can e.g. create and remove user groups with pts. Creating/removing volumes 
per vos command also works.

Interestingly: after my token got discarded I can still execute commands that 
need authentication (pts, vos, ...) !? 

>
> /2/ does this build fix produces a working cache manager for you?
>
> > The "simple" kludge is to just append the line "#define WORDS_BIGENDIAN
> > 1" at the end of src/config/afsconfig.h after configuring afs, then at
> > the top do ( cd src/libafs; make clean )
> >                 -- if you have old kernel objects in your build tree
> >         make only_libafs
> >                 -- build just the cache manager
> > You can then copy the cache manager pieces to your already existing
> > system. Of course you can also build the whole thing.
> > Just remember that if you type configure or config.status you'll
> > have to patch afsconfig.h again.
>
> If these are both true, then that's good, that means I may actually
> have an interesting patch that will help you as well as others shortly.
> Also, you'll have a working cache manager, and won't need to be quite
> so impatient.  :-)

Yes, that's it!
Now I can open files and directories in "authentication only" area of our afs 
filespace and the token resides in my system. I will test it more in the next 
days but it should be ok now.

Thanks for the hint!

Gunnar