Coda File System

auth2 + GSS-API

From: Mark Phalan <mphalan_at_o2.ie>
Date: Fri, 20 Feb 2004 15:03:01 +0100
Hi,

A patch which adds support for GSS-API authentication to the auth2
daemon and clog userspace login program may be found here:
http://www.maths.tcd.ie/~phalanm/

It should apply cleanly to coda-6.0.3.

To use:
gssservice should be added to venus.conf and server.conf
gssinit should be added to venus.conf
(These two settings act similarily to their kerberos5 counterparts.)

Edit the Makefile.in in coda-src/auth2 so that it builds correctly.

Build auth2 and clog.

clog can now be run as: clog -gssapi


I've tested it with kerberos5 and GSI (www.globus.org/security) and it
seems to work.

Some current problems/limitations:
1. I know basically nothing about autotools so the Makefile.in (in
coda-src/auth2) must be hand-edited at the moment.
I've tried to keep the impact to existing code minimal and all my
changes have been #ifdef'ed out. Unfortunately I can't put #ifdefs in
auth2.rpc2 (does rpc2gen have a similar mechanism?) so if GSS-API
support is not wanted this file must also be edited (as well as
Makefile.in).

2. As more information about each connection is kept around (the GSS-API
context) the bug where the per-connection information isn't being freed
is exacerbated. The context is never freed. Has this bug been fixed?


Feedback is welcome!

Mark Phalan
Received on 2004-02-20 09:06:37