AFS support

Steve Holstead sholstea at ualberta.ca
Mon Jan 23 17:19:08 GMT 2006



On Mon, 23 Jan 2006, Volker Lendecke wrote:

> On Mon, Jan 23, 2006 at 09:49:51AM -0500, Thomas J. Moore wrote:
>> 1)  With the fake-kaserver support, is there a technical reason why
>> setpag() isn't called before sending the AFS token?  (i. e. something
>> like "syscall(SYS_afs_syscall, AFSCALL_SETPAG)" just before the settok
>> call in afs_settoken.c; see attached patch)  I did a bit of testing with
>> this patch, and had no problems.  I don't know enough about afs to say
>> whether or not this causes a leak somewhere, though.
>
> We can't use PAGs because smbd has to cope with multiple users on a single
> connection. In standard setups this might not be necessary, but once you have
> terminal servers around you can't use PAGs, as smbd has to transparently su -
> to the different users. All the users of this I've seen so far at least
> potentially had terminal servers.
>

I don't think this is completely true. We use setpag() with our terminal 
servers. However, they will only work if the MS hotfixes are applied. The 
fixes turn off the userid multiplexing.

http://support.microsoft.com/default.aspx?kbid=818528

>> 2)  Is the vfs_afsacl module being worked on?  Since it has a 2003
>> copyright, and I had to make a few changes to make it do anything
>> useable at all (mainly stripping out domain names from IDs; see attached
>> patch), I would assume not.  If not, is there another simple way for
>> Windows users to edit ACLs without requiring a full OpenAFS installation?
>
> I'll look at your patch, thanks. Not immediately, but it will stick in my inbox
> :-)
>
> Volker
>


More information about the samba-technical mailing list