Samba as a gateway to OpenAFS

Robertson, Jason V jason.v.robertson at intel.com
Thu Aug 15 07:27:00 GMT 2002 

FYI WRT to smbklog - my Brinkster account had expired.. I reinstated and put
up my latest code (including some client fixes, primarily).  Also updated
the wiki page with some minor changes.

Jason

-----Original Message-----
From: Daniel Clark/Cambridge/IBM [mailto:daniel_clark at us.ibm.com] 
Sent: Sunday, August 04, 2002 4:16 PM
To: samba-technical at lists.samba.org
Cc: Steve.Holstead at ualberta.ca; beck at bofh.ucs.ualberta.ca;
ifs.via.samba at umich.edu; jason.v.robertson at intel.com
Subject: Re: Samba as a gateway to OpenAFS





I've put together a page on the OpenAFS Wiki - http://grand.central.
org/twiki/bin/view/AFSLore/SMBtoAFS - listing all of the Samba as an AFS
gateway projects I could find. Authors of the systems may want to look at
and edit the page to make sure I'm not inadvertently misrepresenting their
systems.

I also have two questions for Steve Holstead:

On Fri, May 24, 2002 at 10:44:54AM -0600, Steve Holstead wrote:

> Unfotunately, we have the need to offer AFS space to our users via SAMBA.
> In doing so, we have had to introduce a number of patches to accomplish
> this task. The methodology was discussed at the LISA 2000 conference re:
> http://www.usenix.org/events/lisa2000/full_papers/beck/beck_html/index.
html

> The introduction of the fokstraut DB allowed us to store the plaintext
> password along with the HASH forms.

> I would like to say that since that time, I have introduced an additional
> module to re-authenticate those users who insist on not logging out. This
> module will ensure that their token sticks around.

> It is my intention to rid myself of the fokstraut DB by establishing a
> "trust" between the AFS server and my samba server such that I can get a
> token without having to send a clear text password. This will allow me to
> migrate all fokstraut DB records to the SAMBA password tdb.

> I am also working on a routine that ties into our password management
> functions (ie our krb5, krb4, and AFSkrb). This will enable the creation
> of a passwd tdb record which stays in sync with all the other passwd
> records.

> To re-phrase, I am trying to:

> 1. Get rid of AFS's need for plaintext passwords.
> 2. Establish a "registration" mechanism for new samba users and those
that
>    change their passwords.
> 3. Turn on encrypted password support.

> The patches that will give you AFS support with plaintext turned on can
be
> found at www.ualberta.ca/~sholstea

What version of Samba are these patches against?

> The routines that will allow me to turn on encrypted pasword support for
> AFS users are still under developement.

More information about the samba-technical mailing list