AFS support

Kris Van Hees aedil at alchar.org
Sun Sep 29 05:09:00 GMT 2002 

On Sun, Sep 29, 2002 at 03:00:27PM +1000, Andrew Bartlett wrote:
> Kris Van Hees wrote:
<< Description of @sys patch omitted. >>
> 
> That would very much depend on what you are proposing.  This kind of
> thing is quite difficult with encrypted passwords, and I am generally
> opposed to adding this kind of thing to our plaintext code, unless it's
> done *very* cleanly.  Hint:  Don't add more stuff to pass_check.c.

The change we need to make does not involve authentication in any way.  It is
entirely limited to path and file name resolving based on the client machine
platform (as determined by the remote architecture variable).  For the purpose
of this particular patch, the assumption has been made that all files that need
to be accessed will be accessible by the Samba server without requiring it to
authenticate the client user against AFS.  As mentioned below, that may be
something that we need to do in the future, but for now I prefer to stay out of
that arena :)

> A patch submitted to us should be for 3.0 or HEAD, becouse we are trying
> to rid ourselves of 2.2 maintainece.  

Then that is definitely what I will submit.

> > PS: I also have the intention to later work on dealing with authentication and
> >     permission issues against an AFS file space store that Samba serves from,
> >     but that is currently way out of scope for this.
> 
> I honestly don't see how you will avoid this.  BTW, you should have a
> look at the previous efforts in this area - there have been many.  
> Sombody posted a list of patches to the list a while back.

As mentioned above, the @sys substitution logic is not dependent on any user
authentication information.  I have done work in this area before, but it was
abandoned due to other priorities.  But I envision that it might be picking up
again.  I definitely will continue looking at the previous efforts in this
area (the ones that are present in the current code base do little more than
verifying the user's identity - not authentication for the purpose of being
able to access AFS space *as* that user).

But as I said, that is definitely something for the future, and it is not
related to the @sys work.

	Kris

More information about the samba-technical mailing list