Coda File System

Re: Disconnected operation

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Wed, 12 Apr 2000 13:03:38 -0400
On Wed, Apr 12, 2000 at 08:37:04AM +0100, Dr A V Le Blanc wrote:
> I set up a hoard file, as I described earlier:
> 
>      a /coda 100:d+
> 
> and ran hoard on it, then 'hoard walk', but I had problems.
> 
> On Wed, Apr 12, 2000 at 12:09:32AM -0400, Jan Harkes wrote:
> > Does "hoard list" show your specified hoard profile?
> >     hoard clear ; hoard -f <hoardfile>
> > should get the profile into the client.
> > 
> > Did the walk finish without giving errors?
> 
> The output of 'hoard list' is:
> 
>      <7f000000, .>, 0, 100:d+
> 
> which, I take it, does not include any of the other volumes?

Yes, hoard bindings are on a per volume basis. This is very
counter intuitive my initial choice of hoard profile:
    a /coda/usr/jaharkes 500:d+

Made sure my homedirectory was hoarded, but didn't make sure the
directories leading up to my homedirectory were present. So now my
profile looks like:
    a /coda 1000:c+
    a /coda/usr 1000:c+
    a /coda/usr/jaharkes 500:d+

> I didn't see an error at the time, but I've noticed since an
> occasional
> 
>         *** Not bound ***  /coda/service/unique/director/etc d+
> 
> after 'hoard walk'.

Most likely a symlink, the fix for that one is already in CVS.

> >     clog -tofile /home/xxx/tokenfile
>
> The problem I have is that on my (kerberised) system 'kclog'
> or 'kclog <username>' work, but 'kclog -tofile <filename>'
> with or without the username or the explicit '-kerberos5' flag
> or both always produces:
...
>      08:33:27 In Krb5Init()
>      Segmentation fault

Strange, the tofile argument shouldn't affect the kerberos stuff at all.

> I take it there will also be problems because of the time limit
> on Kerberos tickets; I can't renew them in disconnected mode, can
> I?  Do I need to setup the laptop as a Coda server to enable
> disconnected operation when I've compiled with kerberos 5?

No, kclog gives a kerberos ticket to kauth2, which passes back a regular
coda token. It is just the authentication of the user with the auth2
daemon that is done using kerberos.

In coda-src/auth2 you can find a program that allows administrators, who
know the auth2 secret (in auth2.tk), to create `extended time tokens'.
In your case it is probably more useful than installing an auth2 daemon
on the laptop.

Jan
Received on 2000-04-12 13:07:51