Coda File System

Re: Coda and Debian Linux and PAM

From: Robert Watson <robert_at_cyrus.watson.org>
Date: Wed, 11 Nov 1998 16:01:43 -0500 (EST)
On 11 Nov 1998, Ben Gertzfield wrote:

> 1) Is there any way to get Coda to do a clog upon login under Linux? 
> Perhaps this could be accomplished via PAM?

Due to the nature of the 'Coda Tokens', the auth server must know the
secret being used by the client (that is, their password) and be able to
associate it with the user account.  As I understand it, PAM does not have
an API call that goes: IHaveAUsernameGiveMeTheirSecret(), and in fact the
standard UNIX model of having one-way-hashed passwords prohibits this.
The behavior is very much like kerberos.

We do, however, have patches to make use of KerberosIV and KerberosV with
the auth server and a kclog to use them.  This allows you to use kerberos
authenticators to retrieve coda tokens.

> 2) I'm just a beginner at Coda and AFS-like things, but I know AFS has
> the concept of a 'cell', where I can anonymously (or authenticatedly)
> browse through foreign sites by chdiring to /afs/cats.ucsc.edu/ et
> cetera. Does this concept exist in Coda?

Coda does not yet support multi-realm; I believe the changes to support
multi-realm will be non-trivial and therefore I don't anticipate this
feature being available very soon.  On the other hand, if someone just
goes out and writes multi-realm support, who knows :).  The /afs/realm
behavior is actually somewhat of a farce -- or at least, as I understand
it, you are not quite getting what you expect :).  /afs is really a normal
volume maintained as part of your normal realm, and it happens to contain
mountpoints that refer to remote realms and are named appropriately.
Witness the output of fs lsmount on /afs/whatever on a machine here at
CMU:

% fs lsmount /afs/cs.cmu.edu
'/afs/cs.cmu.edu' is a mount point for volume '#cs.cmu.edu:root.cell'
% fs lsmount /afs/andrew.cmu.edu    # this is the local realm
'/afs/andrew.cmu.edu' is a mount point for volume '#root.cell'

fs lsmount /afs does not work, but you would see that it is #root.afs.

When Coda starts supporting cellular behavior, this looks like a fairly
reasonable model to follow.

  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/
Received on 1998-11-11 16:15:13