source: branches/fc17-dev/locker/doc/cluedump/kerberos.tex @ 2580

Last change on this file since 2580 was 1648, checked in by ezyang, 15 years ago
Add cluedump slide sources to Subversion.
1\subsection{Kerberos}
2
3\begin{frame}
4  \frametitle{Group locker support}
5
6  \begin{itemize}
7  \item ``Users'' on scripts are actually lockers.
8  \item User IDs are actually locker volume IDs.
9    \pause
10  \item Kerberos is modified to let users SSH in as any locker they
11    administer.
12    \begin{itemize}
13    \item Replaced the \texttt{.k5login} mechanism:
14      \texttt{krb5\_kuserok()} in
15      \texttt{krb5/src/lib/krb5/os/kuserok.c}
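16    \item Calls a Perl script \texttt{/usr/local/sbin/admof} to do the
17      actual check; the patch treats exit status 33 as approval.  % NOTE(review): the code on the next slide execs /usr/local/sbin/ssh-admof -- confirm which path is current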
18    \end{itemize}
19  \end{itemize}
20\end{frame}
21
22\begin{frame}[fragile]
23\begin{footnotesize}
24\begin{semiverbatim}
25 krb5_boolean KRB5_CALLCONV
26 krb5_kuserok(krb5_context context, krb5_principal principal,
27              const char *luser)
28 \{
29     \ldots
30+    if ((pid = fork()) == -1) \{
31+       free(princname);
32+       return(FALSE);
33+    \}
34+    if (pid == 0) \{
35+#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
36+        exec(ADMOF_PATH, ADMOF_PATH, (char *) luser, princname, NULL);
37+        exit(1);
38+    \}
39+    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) &&
40+        WEXITSTATUS(status) == 33) \{
41+        isok = TRUE;
42+    \}
43     \ldots
44 \}
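Review bot: The child branch calls `exit(1)` when the exec fails, which runs the parent's atexit handlers and flushes inherited stdio buffers inside the forked copy of the login daemon; `_exit(1);` avoids that. `exec(...)` is not a POSIX call, so this is presumably slide shorthand for `execl`, whose variadic list should end with a typed null pointer: `execl(ADMOF_PATH, ADMOF_PATH, luser, princname, (char *) NULL);`. The decision itself fails closed, since only a normal exit with status 33 sets `isok`, and a failed fork or any other status leaves access denied in the lines shown. Because `luser` and `princname` reach the helper as raw argv entries with no shell in between, a comment such as `/* luser is client-supplied: ssh-admof must validate both arguments itself */` above the exec would record where input validation is expected to happen. The rest of `krb5_kuserok` is elided by `\ldots`, so how `isok` is initialised and `princname` is freed on the success path cannot be checked from here.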
45\end{semiverbatim}
46\end{footnotesize}
47\end{frame}