Coda File System

Support for aliased user names in auth2

From: Neil Dunbar <nd_at_hplb.hpl.hp.com>
Date: Tue, 08 Dec 1998 16:03:04 +0000

Hi all,

I've just started playing with Coda here. All seems like useful stuff,
especially when integrated with a Kerberos realm. One thing which
would be handy though would be the mapping of several names
onto a single user ID.

The reason that I thought this would be useful was that many
Kerberos realms append an instance value to the end of a user
ID to designate the function of the principal (for example
"nd/admin" to designate my administrative hat as opposed to
my regular, joe user hat). Unfortunately, this principal cannot
be used to log in to Coda, because there isn't a 1-to-1 mapping
between the Coda user name and the Kerberos principal (and
you don't really want to be creating multiple UIDs to deal with
the same person under different principals).

If there were alias support, you could create a user ID "joe", which
could have n aliases, all of which would map to the canonical name
"joe". Thus, the name on all of "joe"'s principals (ie joe/finance and
joe/admin) could be used by kauth2 to get Coda tokens. You don't
even need Kerberos for this: you might want joe to be able to login
with his full name (eg "Joe Blow").

Anyway, I hacked a partial solution to this. Basically, you create a
file /vice/db/aliases.coda (or whatever) and run pcfgen with the
invocation
  pcfgen -a aliases.coda vice.pdb

This compiles a hashed version of the aliases.coda text file into
aliases.gdbm, which is read (if available) by kauth2 when it
starts. The aliases.coda file is of the form

<name> : <alias1> <alias2> .... <alias_n>.

Blank lines and lines beginning with '#' are ignored. If you need
to incorporate spaces within an alias, surround the alias with
quotation marks ("). There's no way to include quotation marks
in an alias right now.

The diffs against coda-4.6.6 are on
ftp://hplose.hpl.hp.com/pub/nd/aliases.diff.gz

To enable alias support, you edit Makeconf and ensure that
the line 'ALIASES=yes' is uncommented. You must also
ensure that libgdbm is installed on your system.

I've only tested this stuff on Linux 2.1.129 (RedHat 5.1), but it
should compile OK on FreeBSD/NetBSD. Anyway, for anyone
who is interested, try it out and let me know if it works OK.

Also, I realise that this feature is probably in 4.7.x, but I haven't
had time to look at that yet.

Cheers,

Neil

Received on 1998-12-08 11:11:45
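
The aliases.coda format described in the message above, as an added example that is not part of the original post or of the aliases.diff patch: a Python parser that builds the alias-to-name map and flags entries that would make the mapping from login name to Coda user ambiguous. The function name, the sample file contents, and reading the trailing '.' of the format line as sentence punctuation rather than syntax are assumptions.

```python
import re

# A double-quoted alias (may contain spaces) or a bare word without whitespace.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_aliases(text):
    """Parse aliases.coda text; return ({alias: name}, [(lineno, problem)])."""
    mapping, line_of, names, problems = {}, {}, set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and '#' comment lines are ignored
        name, sep, rest = line.partition(":")
        name = name.strip()
        if not sep or not name:
            problems.append((lineno, "expected '<name> : <alias> ...'"))
            continue
        names.add(name)
        for m in TOKEN.finditer(rest):
            alias = m.group(2) if m.group(1) is None else m.group(1)
            if not alias or '"' in alias:
                # The format has no way to put a quotation mark inside an alias.
                problems.append((lineno, "empty alias or unbalanced quotation mark"))
            elif mapping.setdefault(alias, name) != name:
                # One alias claimed by two users: keep the first, report the second.
                problems.append((lineno, f"alias {alias!r} already maps to {mapping[alias]!r}"))
            else:
                line_of.setdefault(alias, lineno)
    # An alias spelled like another user's canonical name makes that login ambiguous.
    for alias in sorted(names.intersection(mapping)):
        if mapping[alias] != alias:
            problems.append((line_of[alias], f"alias {alias!r} shadows user {alias!r}"))
    return mapping, problems

# Constructed sample input (not taken from the post).
SAMPLE = """\
# constructed sample
joe : joe/admin joe/finance "Joe Blow"

nd : nd/admin
mallory : joe/admin
eve : nd
no separator here
carol : "Carol
"""

if __name__ == "__main__":
    aliases, issues = parse_aliases(SAMPLE)
    for alias, name in sorted(aliases.items()):
        print(f"{alias!r} -> {name!r}")
    for lineno, problem in sorted(issues):
        print(f"line {lineno}: {problem}")
```

Running a check like this before compiling the file catches an alias that two users both claim, which would otherwise be resolved silently by whichever entry the hashed database keeps.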