On Tue, 19 Nov 1996 23:15:58 -0500 Ken Hornstein wrote:
> > available for many Unices. Someone will still need to write an AFS
> > PAM module (shared library) when PAM becomes widely available to the
> > AFS community.
>
> It seems to me right off the bat that this is going to be hard since the
> AFS libraries aren't shared libraries right now, which means you couldn't
> use them as they are now. You'd either need to recompile the AFS libraries
> with the appropriate compiler magic, or re-implement the necessary glue.
>
> Recompiling them as shared libraries might also be ... interesting. You'll
> probably have to delve deep into the LWP stuff, since on many (all?) platform
s
> that's assembly code and won't be position-independent code.
Whoa. I hadn't realized that they had done this stuff in assembly. I realize
that the stuff in the kernel probably needs to have some assembly, but they
really shouldn't have needed to go to assembly for the stuff in the user-level
libraries/binaries. If what you say is true, it is very unfortunate because
it means even those with a source license will find it hard to build shared
libraries.
Perhaps someone needs to implement a free implementation of the AFS client
protocol. Even just getting a shared libauth would go a long way to meeting
our needs. Anyone have info on the protocols that they can legally share?
(Transarc??? Help us out here!)
Another alternative to consider is the use of a Kerberos gateway. I've not
played with the K4 or K5 stuff, but I'd guess that there's a shared
implementation of both of these, which could be tweaked to speak to the
AFS kaserver. Not sure how you'd solve PAGs, though, since I can't seem to
find any description of *exactly* how this works (other than that it consumes
two group entries in the process group array.) I couldn't find any API calls
to manage PAGs, either (and I'd appreciate hearing from anyone who has more
specific information).
> (Not that it really matters to us, since it's unlikely we're going to be
> using CDE. Thank Ghod that SGI's still use XDM, even if it is a hacked-up
> version of it :-) ).
Hmmm... maybe we need to gripe at Transarc too! What about it Transarc? Can
we get shared versions of the AFS libraries? (Incidentally, since DCE
PAM authentication is already implemented, I presume that the DCE stuff is
already in the form of shared libraries? Anyone have further info?)
-- Garrett.
