| Last change
                  on this file since 2002 was
                  1648,
                  checked in by ezyang, 15 years ago | 
        
          | Add cluedump slide sources to Subversion. | 
        | File size:
            1.2 KB | 
      
      
        
  | Rev | Line |  | 
|---|
| [1648] | 1 | \subsection{Kerberos} | 
|---|
|  | 2 |  | 
|---|
|  | 3 | \begin{frame} | 
|---|
|  | 4 | \frametitle{Group locker support} | 
|---|
|  | 5 |  | 
|---|
|  | 6 | \begin{itemize} | 
|---|
|  | 7 | \item ``Users'' on scripts are actually lockers. | 
|---|
|  | 8 | \item User IDs are actually locker volume IDs. | 
|---|
|  | 9 | \pause | 
|---|
|  | 10 | \item Kerberos is modified to let users SSH in as any locker they | 
|---|
|  | 11 | administrate. | 
|---|
|  | 12 | \begin{itemize} | 
|---|
|  | 13 | \item Replaced the \texttt{.k5login} mechanism: | 
|---|
|  | 14 | \texttt{krb5\_kuserok()} in | 
|---|
|  | 15 | \texttt{krb5/src/lib/krb5/os/kuserok.c} | 
|---|
|  | 16 | \item Calls a Perl script \texttt{/usr/local/sbin/admof} to do the | 
|---|
|  | 17 | actual check. | 
|---|
|  | 18 | \end{itemize} | 
|---|
|  | 19 | \end{itemize} | 
|---|
|  | 20 | \end{frame} | 
|---|
|  | 21 |  | 
|---|
|  | 22 | \begin{frame}[fragile] | 
|---|
|  | 23 | \begin{footnotesize} | 
|---|
|  | 24 | \begin{semiverbatim} | 
|---|
|  | 25 | krb5_boolean KRB5_CALLCONV | 
|---|
|  | 26 | krb5_kuserok(krb5_context context, krb5_principal principal, | 
|---|
|  | 27 | const char *luser) | 
|---|
|  | 28 | \{ | 
|---|
|  | 29 | \ldots | 
|---|
|  | 30 | +    if ((pid = fork()) == -1) \{ | 
|---|
|  | 31 | +       free(princname); | 
|---|
|  | 32 | +       return(FALSE); | 
|---|
|  | 33 | +    \} | 
|---|
|  | 34 | +    if (pid == 0) \{ | 
|---|
|  | 35 | +#define ADMOF_PATH "/usr/local/sbin/ssh-admof" | 
|---|
|  | 36 | +        exec(ADMOF_PATH, ADMOF_PATH, (char *) luser, princname, NULL); | 
|---|
|  | 37 | +        exit(1); | 
|---|
|  | 38 | +    \} | 
|---|
|  | 39 | +    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && | 
|---|
|  | 40 | +        WEXITSTATUS(status) == 33) \{ | 
|---|
|  | 41 | +        isok = TRUE; | 
|---|
|  | 42 | +    \} | 
|---|
|  | 43 | \ldots | 
|---|
|  | 44 | \} | 
|---|
|  | 45 | \end{semiverbatim} | 
|---|
|  | 46 | \end{footnotesize} | 
|---|
|  | 47 | \end{frame} | 
|---|
       
      
      Note: See 
TracBrowser
        for help on using the repository browser.