[OpenAFS-port-darwin] Patches to make OpenAFS on Mac OS X more user-friendly

Alexei Kosut akosut@cs.stanford.edu
Thu, 27 Feb 2003 11:38:14 -0600 

On Thursday, February 27, 2003, at 10:43  AM, David Botsch wrote:
> 1. Will these patches be included in the next openafs package to be 
> release (presumably the 1.2.9 client)?

You'd have to ask the Folks In Charge about that, but I don't know 
anything about it, and I would assume the answer is no.

> 2. How exactly does the permission patch fake the modebits? I would 
> assume it dose like appleshare does and sets the user of files and 
> directories to the user logged in and sets rwx for directories? Other 
> mode bits? Group mode bits?

Actually, it doesn't change the user or group at all.  It only affects 
the permission bits; it replicates the user bits to the group and other 
bits for files, and always reports mode 777 for directories.  This is 
sufficient for the OS to effectively ignore the permissions set on the 
file that AFS does not support.

> 3. Related to #2, if while a user is at the console, and another user 
> sshes in, how will the ownership/mode bits appear to him/her? If two 
> users ssh in? If no one is at the console and two separate users ssh 
> in?

The same.  The patched code has no concept of logged  in users; it 
always reports the same thing.

> 4. With the -nomount option, does an icon for /afs still appear on the 
> desktop? How does the user mount /afs ?

No; that's sort of the point, actually.  The user mounts /afs the same 
way they'd mount other AFS directories, using the mount_afs tool or 
similar code (here at Stanford, our GUI Kerberos tool knows how to 
mount AFS directories).

> Also in related business, any thoughts comments on the problem where 
> if you have no afs tokens and attempt to access a folder with the 
> finder, the afs server denies permission, and you see an empty folder 
> in the finder. If you then klog and get tokens, the finder seems to 
> have cached the fact that the folder is empty and cannot be refreshed 
> w/o logging out or even restarting the computer.

Well, if you're using my patches, you can unmount the AFS volume and 
re-mount it, and then the Finder is happy.  But in general, no.

> And related to just apple stuff, we will see the pam module (at least 
> the non-kerberos one, which does compile after hacking up the Makefile 
> a bit) included with the openafs 1.2.9 package?

I get the impression that the OpenAFS 1.2.x branch is relatively 
closed, except for minor bug fixes.  I would expect any major changes 
to be relegated to the 1.3/1.4 releases.

-- 
Alexei Kosut <akosut@cs.stanford.edu> <http://cs.stanford.edu/~akosut/>