afs pts schema?

Marcus Watts mdw@umich.edu
Wed, 14 Mar 2001 18:39:23 -0500 

I wrote:

>         You'd have to provide a pt RPC (rx) interface, including
>                 especially getcps and friends.  That's what
>                 all the cache managers currently deployed expect,
>                 so if you want to play, you have to provide it too.
>         Not sure how openldap performs under load.  Performance
>                 could be an issue.

Lyle says:
> CMs don't talk to pt servers.   klog/login do, but don't have to, it's just for
> user-friendliness. Fileservers do, and must.  If you can change the fileserver
> getcps / gethostcps code, you're fine.

Lyle is certainly right, the CM doesn't have any pt code in it,
and I should have remembered that.  Something I guess I've never
understood, though, is just how does the CM do permissions checking
when a second person tries to access a file the CM already has in
its cache acquired under someone else's credentials.  It looks
like the CM does a RXAFS_FetchStatus everytime - so I suppose
that must be how this works.

The CM *does* know about acl's, however, to the extent that it
implement the pioctl's VIOCGETAL and VIOCSETAL, and it also
does at least read vice ID's in files to return the owner.
I believe it will be real painful to get rid of the underlying
assumption that there's a mapping between vice IDs, loginids, and
pt names, and moderately painful to replace ACLs with something else.

Assuming you keep AFS acls and vice IDs, then the problem
that remains is to map from a kerberos name, to a list of
vice IDs.  That's basically what pr_GetCPS does.  You'd also
need to map from a kerberos name to the one vice ID for
that name, which is pr_NameToId.  If you can duplicate
those two bits of codes, you can replace ptserver, but you
could probably just as easily put that code in a sort of stub
driver to emulate ptserver, and not muck with the fileserver code.
(well, 2.5 places -- there's also pr_GetHostCPS, and one
errant call to pr_IdToName for logging purposes.)

If you did decide to muck with the fileserver code, you'd want to make
sure your replacement for GetCPS, ACLs and/or NameToId allowed other
threads to proceed if your thread has to block resolving file
permissions or user identity (say, waiting for a response from a remote
network server.)  It's harder to do that with tcp (ldap) than with rx
(pts) but still possible.

				-Marcus Watts
				UM ITCS Umich Systems Group