For some background , the version of globus we are using is from the VDT distibution http://vdt.cs.wisc.edu/ , This a prepackaged globus 4.0.8 as patched by vdt from various sources. http://vdt.cs.wisc.edu/software/globus/4.0.8_VDT-1.10.1/globus-patched-source.tar.gz is the source from vdt.
My Initial problems with the gatekeeper was that using the external shell service with globus_k5 ( i believe orignaly written to shell out and get a kerberos token in from gram ), the call to gssklog -setpag didn't work as the lsetpag function can't change its parent process at least for linux. So i setout to add a call to lsetpag in globus_k5 prior to execv 'ing the call to "gssklog" described in its private mapfile. in had a similar problem in the globus-gridftp-server , int the globus_i_gridftp_server.c i added some calls to save the current creds, do a lsetpag, shell a call to gssklog , and the unlink the credintial cache so a user could do a globus-url-copy to there home directory in afs. then for wsgram i added the lsetpag and shell to gssklog into the globus_gridmap_and_execute .c source so that when web stuff fires off sudo to switch and run as a user, calling globus_gridmap_and_execute inline so it get their afs token in a new pag in the process and verifies there creds in the gridmapfile. I probably went about this the hard way but so far it seems to work. On Fri, 2009-06-05 at 10:26 -0500, Douglas E. Engert wrote: > > Mike Coyne wrote: > > I have been working on getting globus’s gatekeeper,grid-ftp,gsi-ssh etc. > > To work correctly with setting pag’s an shelling gssklog. > > I have not been involved with Globus for years, but wrote gsiklog and then > gssklog and much of the Globus gatekeeper for Globus version 1.1.3. The intent > was for the gatekeeper to call gssklog to get a PAG and token, and it should > have been working in that verison. So I am curious to what has happened since > then that requires you have to redo the code. > > I noticed > > verifying a bug fix > > http://rt.central.org/rt/Ticket/Display.hml?id=124709 that when I > > built a current snapshot with the diff that the kopenafs libs and header > > file was bult and installed . Will this show up In the release or > > “features” versions? It appears to be maintained since abut 2006 and > > would be quit usefull it will be available . > > > > > > To refraze the question I have calling lsetpag() after some stats on > > the /afs directory to see if its there. > > The original gssklog provided a version of lsetpag in gafstoken.c that > trapped signals if the AFS syscall failed, i.e. AFS was not present on > the machine. Thus it dod not need any AFS libraries. This was long before > k_hasafs which might be a beter choice. > > And hard linking In lilbsys.a > > but if the prefered interface is k_hasafs() and k_setpag() should I > > switch. > > > > > > > > Thanks Mike > > > > > > > _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
