jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 23:10:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a55d61b1f5
openafs/doc/man-pages/pod1
History
Jeffrey Altman a55d61b1f5 klog: make krb5_524 non-fatal for native K5 tokens 
The krb5_524_conv_principal() function should fail whenever the Kerberos
v5 principal cannot safely be mapped onto a Kerberos v4 principal, and
does fail on some Kerberos v5 principals used in real-world AFS
deployments.

Prior to this patchset a failure was treated as a fatal error that
in turn prevents an AFS token from being generated or set into the
cache manager.

Prior to b1f9b4cb5d the
krb5_524_conv_principal() function wasn't used and a local client
mapping was created.  b1f9b4cb5d
replaced the local mapping with the krb5 function because the local
mapping could be wrong and confusing.

The krb5_524_conv_principal() function as applied to AFS tokens is
just a local guess.  How the username in the token is interpreted by
the AFS server is up to the server.

krb5_524_conv_principal() is only used for Krb5 native tokens. For Krb4
tokens the krb5_524_convert_creds() function is used to obtain both the
Kerberos v4 ticket and the converted names from the KDC. Many
organizations used the krb524d service to perform name translation. When
the krb524d service is used, the name translation is performed by the KDC,
so there is no local call to krb5_524_conf_principal() which might fail.
As a result, disallowing the use of a native Krb5 token due to a failed
local name translation is a needless loss of functionality; the local name
translation is not an essential part of obtaining a token.

This patchset modifies the behavior such that krb5_524_conv_principal()
errors are non-fatal.

 1. If -noprdb is not specified the error message is generated
    and a NULL username is used.

 2. If the username is NULL the prdb lookup is disabled.

 3. If the username is NULL the informational messages do not
    include a username.

 4. If the username is NULL the username info provided to the
    cache manager in the token description is the nul string.

Credit to Ben Kaduk for assistance with the wording of this
commit message.

Change-Id: Ib07131fc0ff4bf5319815213198c3f0adac17b10
Reviewed-on: http://gerrit.openafs.org/11542
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
2014-11-05 10:41:09 -05:00
..
fragments doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
.gitignore doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
afs_compile_et.pod comerr: compile_et -emit option for parallel make 2014-01-29 07:20:44 -08:00
afs.pod Remove documentation of 'program' 2014-10-23 16:10:07 -04:00
afsmonitor.pod doc: afsmonitor manpage fixes 2013-11-04 09:33:37 -08:00
aklog.pod klog: make krb5_524 non-fatal for native K5 tokens 2014-11-05 10:41:09 -05:00
cmdebug.pod doc: -afsdb uses SRV records 2011-05-17 13:20:26 -07:00
copyauth.pod man-page-copyauth-20090518 2009-05-18 19:32:06 +00:00
dlog.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_apropos.pod man-page-name-underscore-more-20071111 2007-11-12 00:12:28 +00:00
fs_bypassthreshold.pod doc: Add fs bypassthreshold man page 2012-07-05 20:50:50 -07:00
fs_checkservers.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_checkvolumes.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_chgrp.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_chown.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_cleanacl.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_copyacl.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_cscpolicy.pod manpages-fs-chown-chgrp-20090701 2009-07-01 22:12:10 +00:00
fs_discon.pod doc: Add 'fs discon' manpage 2013-11-04 12:21:27 -08:00
fs_diskfree.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_examine.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_exportafs.pod doc: fs manpage fixes 2013-11-04 04:09:26 -08:00
fs_flush.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_flushall.pod libafs: fs flushall for unix cm 2013-01-24 08:35:40 -08:00
fs_flushmount.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_flushvolume.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_getcacheparms.pod Document the extra options to fs getcacheparms 2010-02-03 07:53:24 -08:00
fs_getcalleraccess.pod man-page-license-change-20071225 2007-12-25 22:22:22 +00:00
fs_getcellstatus.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_getclientaddrs.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_getcrypt.pod Fix spelling error in fs_getcrypt man page 2013-06-18 11:33:42 -07:00
fs_getfid.pod doc: fs manpage fixes 2013-11-04 04:09:26 -08:00
fs_getserverprefs.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_getverify.pod Fix spelling error in fs_getverify man page 2013-06-29 23:27:41 -07:00
fs_help.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_listacl.pod Remove references to IBM AFS 2010-05-26 12:05:45 -07:00
fs_listaliases.pod spelling/grammar fixes for manpages 2011-02-03 12:29:34 -08:00
fs_listcells.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_listquota.pod.in doc: Fix whitespace errors 2012-07-03 07:30:39 -07:00
fs_lsmount.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_memdump.pod manpages-fs-chown-chgrp-20090701 2009-07-01 22:12:10 +00:00
fs_messages.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_minidump.pod Docs: Specify where the Windows mini dump file is written 2010-11-02 20:29:01 -07:00
fs_mkmount.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_monitor.pod man-page-fs-monitor-20090518 2009-05-18 19:35:31 +00:00
fs_newalias.pod doc: fix a nit in fs_newalias.pod 2013-12-18 07:37:05 -08:00
fs_newcell.pod doc: add linked cells description to man pages 2013-11-01 18:53:13 -07:00
fs_nukenfscreds.pod doc: Add 'fs nukenfscreds' manpage 2013-11-04 12:20:58 -08:00
fs_precache.pod doc: Add 'fs precache' manpage 2013-11-04 12:20:29 -08:00
fs_quota.pod.in doc: Fix whitespace errors 2012-07-03 07:30:39 -07:00
fs_rmmount.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_rxstatpeer.pod man-page-yet-more-fs-commands-20090517 2009-05-18 04:34:38 +00:00
fs_rxstatproc.pod doc: fs manpage fixes 2013-11-04 04:09:26 -08:00
fs_setacl.pod doc: fix typo in fs setacl 2014-01-22 17:51:12 -08:00
fs_setcachesize.pod Document human-readable size suffixes 2009-07-25 07:10:52 -07:00
fs_setcbaddr.pod doc: fs manpage fixes 2013-11-04 04:09:26 -08:00
fs_setcell.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_setclientaddrs.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
fs_setcrypt.pod doc: clarify setcrypt defaults 2013-08-02 08:58:56 -07:00
fs_setquota.pod.in doc: Consolidate CAUTIONS notes about volume size 2012-07-03 07:30:17 -07:00
fs_setserverprefs.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_setverify.pod man-pages: add fs_getverify and fs_setverify 2012-01-29 13:54:36 -08:00
fs_setvol.pod.in doc: Consolidate CAUTIONS notes about volume size 2012-07-03 07:30:17 -07:00
fs_storebehind.pod doc: fix some broken link specifications 2011-06-22 11:01:09 -07:00
fs_sysname.pod Remove support for Solaris pre-8 2011-06-30 07:27:39 -07:00
fs_trace.pod man-page-syntax-errors-20090518 2009-05-19 00:53:26 +00:00
fs_uuid.pod man-page-license-change-20071225 2007-12-25 22:22:22 +00:00
fs_whereis.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs_whichcell.pod doc: fs manpage fixes 2013-11-04 04:09:26 -08:00
fs_wscell.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
fs.pod doc: Add fs bypassthreshold man page 2012-07-05 20:50:50 -07:00
klog.krb5.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
klog.pod doc: state klog.krb is obsolete 2013-09-30 06:31:56 -07:00
knfs.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
kpasswd.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
livesys.pod doc: Fix livesys output formatting 2013-11-04 12:18:48 -08:00
pagsh.pod doc: fix some broken link specifications 2011-06-22 11:01:09 -07:00
pts_adduser.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_apropos.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
pts_chown.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_creategroup.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_createuser.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_delete.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_examine.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_help.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
pts_interactive.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_listentries.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_listmax.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_listowned.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_membership.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_quit.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_removeuser.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_rename.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_setfields.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_setmax.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_sleep.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts_source.pod.in doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
pts.pod doc: pts manpage fixes 2013-11-03 20:36:16 -08:00
restorevol.pod doc: restorevol manpage fixes 2013-11-04 04:09:12 -08:00
rxdebug.pod doc: rxdebug manpage fixes 2013-11-04 11:57:07 -08:00
rxgen.pod spelling/grammar fixes for manpages 2011-02-03 12:29:34 -08:00
scout.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
symlink_list.pod manpages-fs-chown-chgrp-20090701 2009-07-01 22:12:10 +00:00
symlink_make.pod manpages-fs-chown-chgrp-20090701 2009-07-01 22:12:10 +00:00
symlink_remove.pod manpages-fs-chown-chgrp-20090701 2009-07-01 22:12:10 +00:00
symlink.pod Add POD links (L<>) in pts.pod and symlink.pod 2009-10-08 11:00:14 -07:00
sys.pod Remove support for Solaris pre-8 2011-06-30 07:27:39 -07:00
tokens.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
translate_et.pod pretty-html-synopsis-20060228 2006-03-01 05:02:29 +00:00
udebug.pod doc: Fix udebug -port bullet list 2013-11-03 20:36:42 -08:00
unlog.pod doc: replace hostnames with IETF example hostnames 2012-02-17 20:51:58 -08:00
up.pod pretty-html-synopsis-20060228 2006-03-01 05:02:29 +00:00
vos_addsite.pod.in doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
vos_apropos.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
vos_backup.pod.in doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
vos_backupsys.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_changeaddr.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_changeloc.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_clone.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_convertROtoRW.pod.in doc: recommend cleanup steps in "vos convertROtoRW" man page 2014-04-23 21:54:07 -07:00
vos_copy.pod.in doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
vos_create.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_delentry.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_dump.pod.in doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
vos_endtrans.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_examine.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_help.pod man-page-name-underscore-20071111 2007-11-11 22:54:56 +00:00
vos_listaddrs.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_listpart.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_listvldb.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_listvol.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_lock.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_move.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_offline.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_online.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_partinfo.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_release.pod.in vos: vos release -force-reclone option 2014-05-21 07:04:11 -04:00
vos_remove.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_remsite.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_rename.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_restore.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_setaddrs.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_setfields.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_shadow.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_size.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_status.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_syncserv.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_syncvldb.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_unlock.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_unlockvldb.pod.in doc: Make all vos pages =include common options 2013-11-04 09:32:57 -08:00
vos_zap.pod.in doc: vos manpage fixes 2013-11-04 09:32:48 -08:00
vos.pod.in doc: Consolidate CAUTIONS notes about volume size 2012-07-03 07:30:17 -07:00
xstat_cm_test.pod doc: quote list items in POD 2013-05-01 13:58:56 -07:00
xstat_fs_test.pod doc: quote list items in POD 2013-05-01 13:58:56 -07:00