Jonathan S. Thyer writes:
> I also did the AFS authentication modification for this to work. If used the Pine
>3.91
> distribution.. Look in the c-client directory for the file called 'log_OS.c' where
> OS is your platform/operating system. (in my case it was log_svr4.c)
>
> In there you will find the routine 'server_login'. It is fairly trivial to add a
> ka_UserAuthenticate call in there to provide the functionality you need.
> I recompiled and tested both imapd, and the pop server. Both work just fine.
I'm not sure it's as trivial as you think.
We have been running AFS Kerberos authenticated POP for several years and
have noticed that after a month or so, it starts taking up to 13 seconds
of CPU time on a Sparc 1 to 'klog' (hence also, POP authenticate).
This seems to be related to lots of token/PAG creations with no explicit
token/PAG destructions.
With POP, all one really needs to do is authenticate - no token is
needed. I think this was the motivation behind some questions/answers
on info-afs in the last two months. The best solution I saw was
workable, but too kludgy for me.
Which causes the problem, the token or the PAG?
Possible solutions:
o Do not obtain PAG.
o Set token lifetime to one second.
o Explicitly 'unlog' after getting the token.
With IMAP, the situation may be different. If you want users to have
their IMAP space in AFS, they will need tokens. But this is probably
not a good idea anyway.
Since this kind of thing is arguably not Transarc's problem, we are on
our own.
-Rick
--
|Rick Cochran 607-255-7223|
|Cornell Materials Science Center [EMAIL PROTECTED]|
|E20 Clark Hall, Ithaca, N.Y. 14853 cornell!msc.cornell.edu!rick|
| "Workstations - I bet you can't eat just one!" |
