[OpenAFS] Perl-AFS and Kerberos 5

Russ Allbery rra@stanford.edu
Tue, 01 Jul 2008 10:14:37 -0700

Ansgar Burchardt <ansgar@mathi.uni-heidelberg.de> writes:

> I'm trying to write a script that allows me to comfortably create users,
> but have a small problem with authenticating to AFS:  I want the script
> to prompt for a password and then obtain a Krb5 token and log on the AFS
> using these.  I can obtain the Krb5 token with the Authen::Krb5 module,
> but cannot find a way to use these with AFS.
> If I understand the source for aklog right, I should pass it to
> ktc_SetToken.  This function is available from the Perl module, but I
> don't know how to convert the Kerberos token.

I highly recommend just calling system('aklog').  It's a hack, but you
otherwise have to reimplement much of the logic of what aklog does, and
it can be annoyingly complex depending on your environment (and you'd then
have to change your code if aklog ever changed, such as with rxgk).

Eventually, what you really want is a Perl binding for the libkafs
library, or a libkopenafs variation of it that could come with OpenAFS,
including aklog-like functionality.  But unless you're using Heimdal,
there isn't a library for this yet.

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>