|
Last change
on this file since 1954 was
1648,
checked in by ezyang, 13 years ago
|
|
Add cluedump slide sources to Subversion.
|
|
File size:
1.2 KB
|
| Rev | Line | |
|---|
| [1648] | 1 | \subsection{Kerberos} |
|---|
| 2 | |
|---|
| 3 | \begin{frame} |
|---|
| 4 | \frametitle{Group locker support} |
|---|
| 5 | |
|---|
| 6 | \begin{itemize} |
|---|
| 7 | \item ``Users'' on scripts are actually lockers. |
|---|
| 8 | \item User IDs are actually locker volume IDs. |
|---|
| 9 | \pause |
|---|
| 10 | \item Kerberos is modified to let users SSH in as any locker they |
|---|
| 11 | administrate. |
|---|
| 12 | \begin{itemize} |
|---|
| 13 | \item Replaced the \texttt{.k5login} mechanism: |
|---|
| 14 | \texttt{krb5\_kuserok()} in |
|---|
| 15 | \texttt{krb5/src/lib/krb5/os/kuserok.c} |
|---|
| 16 | \item Calls a Perl script \texttt{/usr/local/sbin/admof} to do the |
|---|
| 17 | actual check. |
|---|
| 18 | \end{itemize} |
|---|
| 19 | \end{itemize} |
|---|
| 20 | \end{frame} |
|---|
| 21 | |
|---|
| 22 | \begin{frame}[fragile] |
|---|
| 23 | \begin{footnotesize} |
|---|
| 24 | \begin{semiverbatim} |
|---|
| 25 | krb5_boolean KRB5_CALLCONV |
|---|
| 26 | krb5_kuserok(krb5_context context, krb5_principal principal, |
|---|
| 27 | const char *luser) |
|---|
| 28 | \{ |
|---|
| 29 | \ldots |
|---|
| 30 | + if ((pid = fork()) == -1) \{ |
|---|
| 31 | + free(princname); |
|---|
| 32 | + return(FALSE); |
|---|
| 33 | + \} |
|---|
| 34 | + if (pid == 0) \{ |
|---|
| 35 | +#define ADMOF_PATH "/usr/local/sbin/ssh-admof" |
|---|
| 36 | + exec(ADMOF_PATH, ADMOF_PATH, (char *) luser, princname, NULL); |
|---|
| 37 | + exit(1); |
|---|
| 38 | + \} |
|---|
| 39 | + if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && |
|---|
| 40 | + WEXITSTATUS(status) == 33) \{ |
|---|
| 41 | + isok = TRUE; |
|---|
| 42 | + \} |
|---|
| 43 | \ldots |
|---|
| 44 | \} |
|---|
| 45 | \end{semiverbatim} |
|---|
| 46 | \end{footnotesize} |
|---|
| 47 | \end{frame} |
|---|
Note: See
TracBrowser
for help on using the repository browser.
