Fwd: [OpenAFS] Manually Creating Cross Realm Users

Jason Edgecombe jason@rampaginggeek.com
Sun, 17 Jun 2012 09:50:20 -0400

This is the page that you need:


All code and documentation, outside of the wiki, goes through gerrit. 

The rough workflow goes as follows:
1. git clone of openafs (with gerrit setup)
2. create a new branch
3. edit code/docs  and test
4. commit
5. git push to gerrit
6. ask people to review
7. fix any issues, jump to 5 if fixes were made.
8. patch is accepted
9. delete the topic branch from #2
10. jump to step 2 and repeat.

The man pages are in the doc/manpages folder
the guides are under the doc/xml folder. The guides are in docbook 
format. <http://www.docbook.org/>

You'll need to run a compile and specify your xml processor to compile 
the docbook files.

For development questions, post messages to openafs-devel@openafs.org
For documentation questions, post messages to openafs-doc@openafs.org  
or the openafs-devel list.

Questions about general functionality can be posted to the openafs-info 
list. (this list)

Please contact the lists if you have any more questions.


On 06/17/2012 12:41 AM, Jayen Ashar wrote:
> Yes, that would be great.  I looked around for how to contribute small
> things like this to OpenAFS and all I could find were a couple of wiki
> pages[1,2], but neither of them mention documentation like this.
> Thanks,
> Jayen
> [1] http://wiki.openafs.org/AFSLore/afslore/tinysimpletasks/
> [2] http://wiki.openafs.org/AFSLore/contrib/
> On Sat, Jun 16, 2012 at 11:16 PM, Jason Edgecombe
> <jason@rampaginggeek.com> wrote:
>> Yes, something can be added. Anyone is welcome to update the manuals and
>> admin guide and may do so. Would you like someone to walk you through the
>> process of updating the manual?
>> Jason
>> On 06/16/2012 05:17 AM, Jayen Ashar wrote:
>>> Yes, I found that after reading Simon's email.  Just reading the man
>>> page, though, it wouldn't have been clear to me that this is what I
>>> wanted. Could a line be added to the man page similar to what Simon
>>> said?
>>> "When multiple Kerberos5 realms authenticate to the same AFS cell, all
>>> local and foreign realms in krb.conf are equivalent, so sxw@LOCAL and
>>> sxw@FOREIGN would both map to the pts user sxw."
>>> Could something also be added to
>>> http://docs.openafs.org/AdminGuide/ch02s03.html#HDRWQ40 (Granting and
>>> Denying Foreign Users Access to Your Cell)?
>>> Thanks,
>>> Jayen
>>> P.S.  Apologies if this is a duplicate.  I have reason to believe the
>>> university's mail server dropped my previous reply.
>>> On Thu, 14 Jun 2012, Jason Edgecombe wrote:
>>>> I don't think so. It's documented in the krb.conf man page, though.
>>>> On 06/14/2012 07:16 AM, Jayen Ashar wrote:
>>>>> Yes, that works wonderfully!  Thanks for that.  Is this mentioned in
>>>>> the Admin Guide somewhere?  I couldn't find it.
>>>>> Thanks,
>>>>> Jayen
>>>>> On Thu, Jun 14, 2012 at 9:04 PM, Simon Wilkinson
>>>>> <simonxwilkinson@gmail.com> wrote:
>>>>>> On 14 Jun 2012, at 11:45, Jayen Ashar <jayen@science.unsw.edu.au>
>>>>>> wrote:
>>>>>>> Is there any chance this has changed in the last 9 years?
>>>>>> The details of how cross-realm users are created hasn't changed,
>>>>>> However, I don't think this is applicable to your situation. What you
>>>>>> should do is list both your local and foreign realms in    krb.conf. This
>>>>>> tells AFS that the two realms are equivalent, so sxw@LOCAL  and sxw@FOREIGN
>>>>>> would both map to the pts user sxw.
>>>>>> Cheers,
>>>>>> Simon