sholstea at ualberta.ca
Mon Jan 23 17:19:08 GMT 2006
On Mon, 23 Jan 2006, Volker Lendecke wrote:
> On Mon, Jan 23, 2006 at 09:49:51AM -0500, Thomas J. Moore wrote:
>> 1) With the fake-kaserver support, is there a technical reason why
>> setpag() isn't called before sending the AFS token? (i. e. something
>> like "syscall(SYS_afs_syscall, AFSCALL_SETPAG)" just before the settok
>> call in afs_settoken.c; see attached patch) I did a bit of testing with
>> this patch, and had no problems. I don't know enough about afs to say
>> whether or not this causes a leak somewhere, though.
> We can't use PAGs because smbd has to cope with multiple users on a single
> connection. In standard setups this might not be necessary, but once you have
> terminal servers around you can't use PAGs, as smbd has to transparently su -
> to the different users. All the users of this I've seen so far at least
> potentially had terminal servers.
I don't think this is completely true. We use setpag() with our terminal
servers. However, they will only work if the MS hotfixes are applied. The
fixes turn off the userid multiplexing.
>> 2) Is the vfs_afsacl module being worked on? Since it has a 2003
>> copyright, and I had to make a few changes to make it do anything
>> useable at all (mainly stripping out domain names from IDs; see attached
>> patch), I would assume not. If not, is there another simple way for
>> Windows users to edit ACLs without requiring a full OpenAFS installation?
> I'll look at your patch, thanks. Not immediately, but it will stick in my inbox
More information about the samba-technical