Marcus Watts wrote: > The whole jafs/libadmin thing has serious problems. libadmin has rxkad > assumptions worked into its authentication logic. I don't remember > digging into the authentication part in particular, but I expect it > probably does depend on ka (kaserver but fakeka should work as well) for > authentication.
The authentication dependencies are no deeper than the ktc_Auth... calls. We need to develop a Kerberos v5 ktc interface. > It might well have platform specific issues, in which > case Jeff probably knows as much as anybody what Windows can do there. libadmin is used extensively on Windows. More so there than on any other platform because of the "Server Manager" tool. > jafs has another whole set of problems on top. It really likes to > iterate down and get a list of *all* the users in a cell, a *lot*. > I think it likes to get a list of all the volumes as well. libadmin has serious enumeration problems as well. It doesn't cache anything. Everytime it wants a list of servers it enumerates the entire cell and calls DNS on each server address. It performs the enumeration for each server name is processes. Things get really bad when there are server IP addresses without DNS entries. I've tried to improve some of the logic but in my opinion the whole thing is seriously flawed and could use a total re-write. > Some of > this may be the demo program shipped as the sole documentation on how > this all works, but some of this looks like wired-in software design. > For a small "demo" system, jafs should work fine. I really doubt it > will work in a large scale environment, like we have here at UM. For a test of libadmin against your environment use the Windows Server Manager. > I made some improvements in jafs for rxk5, and some fairly minimalist > changes to libadmin to deal with authentication, plus also some changes > to build with java 1.6. I'm seriously considering coming up with a new > lighter-weight "from-scratch" JNI implementation to solve some of the > things folks want to do here at UM. Please hold an open design discussion on openafs-devel. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
