I'm implementing an AFS-aware WebDAV server. I'm doing it in Java at the moment simply because that's the shortest path to completion (libjafs and existing Java webdav server code make it pretty easy).
Three questions:

1. Is there any way to create a "Process Authentication Thread" similar to a PAG? (I strongly suspect not)

2. Is there any way to ask libafs to perform a file operation (open, read, write, etc) using a specific token which is passed as an argument to the call rather than (or perhaps in addition to) whatever tokens are associated with the current PAG? If so, is this functionality exposed in libjafs?

3. Given access to the server's KeyFile, I know it is cryptographically possible to fabricate any user's tokens (gssklogd does this). Is this functionality included in libafs, or does it have to be written from scratch (since its use is, I assume, discouraged)?

I feel uncomfortable about requiring that the server run as a member of system:anyuser. The best solution IMHO is to have the server use the user's tokens (how those are obtained is another story). The second-best solution is to have the server run with system:administrator powers, but I'm reluctant to do that unless I know that those tokens will only be used for file accesses I specifically instruct them to be used for (I don't want normal calls to java.io.* to get the benefit of these tokens -- too much other code in the JVM calls this stuff).

- a

--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
