Simon's Musings

January 28, 2008

OpenAFS upgrades

Filed under: work — sxw @ 12:05 pm

This week, I’m going to be upgrading our OpenAFS database servers to 1.4.6, with my patch to disable the checks for principal names with dots in them (this patch will ship with OpenAFS 1.4.7). At the moment, iFriend users can’t register with the AFS pts database, because the email address naming scheme requires that their name contain dots. This means that there’s no way of using iFriend as an AFS authentication scheme, which was one of the original goals. 

Once all of the AFS database servers are suitably upgraded, it’ll be possible to register iFriend users, either through a CGI script, or with an extension to mod_waklog. Allowing them access to specific directories will require the fileserver hosting that volume to have also been upgraded, and correctly configured. 

OpenSSH cascading credentials

Filed under: work — sxw @ 11:44 am

I shipped the OpenSSH package with cascading credentials support that we’ve been testing for the last year or so site-wide today. It’ll appear in develop releases from tonight, and in the next stable release.

The cascading credential support isn’t enabled with this, however. Enabling cascading credentials requires a configuration file change which LCFG can’t sync with the package update – so the configuration will get changed in a subsequent release cycle (next week’s, if all goes according to plan).

More details on cascading credentials are available from the second part of my SSH talk at last year’s AFS & Kerberos Best Practices Workshop. I need to make a public release of this patch, too.
