AFS support

Steve Holstead sholstea at
Mon Jan 23 17:19:08 GMT 2006

On Mon, 23 Jan 2006, Volker Lendecke wrote:

> On Mon, Jan 23, 2006 at 09:49:51AM -0500, Thomas J. Moore wrote:
>> 1)  With the fake-kaserver support, is there a technical reason why
>> setpag() isn't called before sending the AFS token?  (i. e. something
>> like "syscall(SYS_afs_syscall, AFSCALL_SETPAG)" just before the settok
>> call in afs_settoken.c; see attached patch)  I did a bit of testing with
>> this patch, and had no problems.  I don't know enough about afs to say
>> whether or not this causes a leak somewhere, though.
> We can't use PAGs because smbd has to cope with multiple users on a single
> connection. In standard setups this might not be necessary, but once you have
> terminal servers around you can't use PAGs, as smbd has to transparently su -
> to the different users. All the users of this I've seen so far at least
> potentially had terminal servers.

I don't think this is completely true. We use setpag() with our terminal 
servers. However, they will only work if the MS hotfixes are applied. The 
fixes turn off the userid multiplexing.

>> 2)  Is the vfs_afsacl module being worked on?  Since it has a 2003
>> copyright, and I had to make a few changes to make it do anything
>> useable at all (mainly stripping out domain names from IDs; see attached
>> patch), I would assume not.  If not, is there another simple way for
>> Windows users to edit ACLs without requiring a full OpenAFS installation?
> I'll look at your patch, thanks. Not immediately, but it will stick in my inbox
> :-)
> Volker

More information about the samba-technical mailing list