[OpenAFS-port-darwin] AFS as OS X home directory

Ragnar Sundblad ragge@nada.kth.se
Tue, 03 Dec 2002 21:35:26 +0100 

--On den 3 december 2002 14:05 -0500 Steve Lidie <sol0@Lehigh.EDU> wrote:

> Any OS X file dialog wants to show a directory tree of all mounted
> volumes, so showing our AFS home space with 10K+ users takes several
> minutes.  Is there a way to customize OS X to not do this, or perhaps
> start the display at the current working directory?

I have no idea how to solve this. I think it is quite uncommon
to have 10K+ users in one directory, many mux it up in several
directories with just a few hundreds or so in each. Even that
can take some time to list.

One thing that could mitigate this effect is "faked mount
points" that arla has, not sure if openafs has it yet.
It makes the client not mount the volume until something
goes down into it, until then it just looks as a directory.
Sadly there seems to be some problem with it in arla at the
moment, and no one has taken to time to look at it. As long
as it works it really makes a difference.

> Second, I have no AFS token after login.  Is there a clean solution to
> this?  Assuming the file dialog problem could be "fixed", forcing the
> user to klog would be okay.

This one I can help you with!

You can get a Kerberos "loginLogout" plugin that gets called
when the Kerberos libs authenticates, both at console login
time, when the user runs "kinit" and when an app makes the
kerberos dialog appear.

There is one from Alexei Kosut at Stanford (you can search the
archives of this list) that is built upon the openafs libraries
and therefor sadly is tricky to build for use with arla.

I have now finally rewritten my own to work with the new
krbafs 1.2 (I guess we have Alex and Assar to thank for this!)
library from MIT which works with both arla and openafs.
(only arla tested yet).

It is written for a Kerberos 5 kdc (but krb4 afs, of course).
It should be pretty simple to change to use krb4, but I guess
and hope noone is still krb4 only.

You can get the source here:
<ftp://ftp.nada.kth.se/pub/home/ragge/afslog-krbafs12.loginLogout.0.0.1d1.s
rc.tgz>
and a complied binary here:
<ftp://ftp.nada.kth.se/pub/home/ragge/afslog-krbafs12.0.0.1d1.tgz>

I'd be happy if people test it and find bugs!

Some notes:
It doesn't kill your tickets when you log out, I wasn't sure one
dare to do that since I am not sure of the timing at logout time.

It won't install tickets for root (uid 0), since that would give
your root access in the afs tree to daemons and such.

/ragge