[GE users] using kerberos rsh for qrsh

sophana jobarjo78 at yahoo.fr
Mon May 17 16:13:28 BST 2004


thanks a lot!
I will try that. it seems to be exactly what i need.
Is it hard to implement a token life time extension?

maybe should I regularly update the token at the submit host? I saw a 
script somewhere doing that...

James E. Dobson wrote:

>...around May 17, 2004  sophana aka (jobarjo78 at yahoo.fr) said :
>
>  
>
>>As we have problems with file integrity and performance with nfs, I
>>would like to use AFS instead.
>>AFS use a kerberos like authentication.
>>I saw that there are some features in sge to perform token forwarding
>>but only with qsub (not qrsh). Some binaries are also not distributed in
>>sge because of licensing problems.
>>    
>>
>>------------------------------------------------------------------------
>>
>>/*
>> * GetToken.c: read a token from the Cache Manager and write to a file.
>> *
>> * $Id: GetToken.c,v 1.1 2003/04/15 13:41:15 jed Exp jed $
>> *
>> */
>>
>>#include <unistd.h>
>>#include <stdlib.h>
>>#include <stddef.h>
>>#include <stdio.h>
>>#include <strings.h> /* bzero lives in either string.h or strings.h...sigh */
>>#include <string.h>
>>#include <netinet/in.h>
>>#include <errno.h>
>>
>>#include <afs/param.h>
>>
>>#include <afs/stds.h>
>>#include <afs/afsutil.h>
>>#include <afs/auth.h>
>>
>>
>>extern int ktc_GetToken(struct ktc_principal *aserver,
>>			struct ktc_token *atoken,
>>			int atokenLen,
>>			struct ktc_principal *aclient);
>>
>>extern int ktc_ListTokens(int aprevIndex,
>>			  int* aindex, struct ktc_principal *aserver);
>>
>>
>>int main(int argc, char* argv[])
>>{
>>  int cellIndex, newIndex;
>>  for (cellIndex = 0 ; ; cellIndex = newIndex) {
>>    struct ktc_principal server;
>>    struct ktc_principal client;
>>    struct ktc_token token;
>>    int rc;
>>
>>    bzero(&server, sizeof(struct ktc_principal));
>>    bzero(&client, sizeof(struct ktc_principal));
>>    bzero(&token, sizeof(struct ktc_token));
>>
>>    /* fetch server principal */
>>    rc = ktc_ListTokens(cellIndex, &newIndex, &server);
>>
>>    /*
>>      fprintf(stderr, "cellIndex = %d, newIndex = %d, rc = %d  (%d)\n",
>>                      cellIndex,
>>		      newIndex,
>>		      rc,
>>		      KTC_NOENT);
>>    */
>>
>>    if (rc) {
>>      if (rc == KTC_NOENT) {
>>	/* no more tokens */
>>	break;
>>      } else {
>>	/* some error occured */
>>	perror("ktc_ListTokens failed fetching original tokens");
>>	exit(1);
>>      }
>>    }
>>    
>>    rc = ktc_GetToken(&server,
>>		      &token, sizeof(struct ktc_token),
>>		      &client);
>>
>>    if (rc) {
>>      printf("error: couldn't get token!\n");
>>      exit(255);
>>    }
>>
>>
>>    /*
>>     * Fix up endian issues. Only the ktc_token structure has
>>     * problems...we will make all field network byte-order...
>>     */
>>
>>    token.startTime = htonl(token.startTime);
>>    token.endTime = htonl(token.endTime);
>>    token.kvno = htons(token.kvno);
>>    token.ticketLen = htonl(token.ticketLen);
>>
>>
>>    /*
>>     * Puke out the token
>>     */
>>
>>    write(STDOUT_FILENO, &server, sizeof(struct ktc_principal));
>>    write(STDOUT_FILENO, &client, sizeof(struct ktc_principal));
>>    write(STDOUT_FILENO, &token, sizeof(struct ktc_token));
>>  }
>>
>>  exit(0);
>>}
>>    
>>
>>------------------------------------------------------------------------
>>
>>
>>/*
>> * SetToken.c: read a token from a file and load into Cache Manager. 
>> *
>> * $Id: SetToken.c,v 1.1 2003/04/15 13:41:38 jed Exp jed $
>> *
>> */
>>
>>#include <unistd.h>
>>#include <stdlib.h>
>>#include <stddef.h>
>>#include <stdio.h>
>>#include <string.h>   /* bzero lives in either string.h or strings.h...sigh */
>>#include <strings.h>
>>#include <netinet/in.h>
>>#include <errno.h>
>>
>>#include <afs/param.h>
>>
>>#include <afs/stds.h>
>>#include <afs/afsutil.h>
>>#include <afs/auth.h>
>>
>>
>>extern int ktc_SetToken(struct ktc_principal *aserver,
>>			struct ktc_token *atoken,
>>			struct ktc_principal *aclient,
>>			int flags);
>>
>>
>>
>>int readn(int fd, void *vptr, size_t n)
>>{
>>  size_t  nleft;
>>  ssize_t nread;
>>  char    *ptr;
>>  
>>  ptr = vptr;
>>  nleft = n;
>>  while (nleft > 0) {
>>    if ( (nread = read(fd, ptr, nleft)) < 0) {
>>      if (errno == EINTR)
>>	nread = 0;              /* and call read() again */
>>      else
>>	return(-1);
>>    } else if (nread == 0)
>>      break;                          /* EOF */
>>    
>>    nleft -= nread;
>>    ptr   += nread;
>>  }
>>  return(n - nleft);              /* return >= 0 */
>>}
>>
>>
>>
>>int main(int argc, char* argv[])
>>{
>>  struct ktc_principal server;
>>  struct ktc_principal client;
>>  struct ktc_token token;
>>
>>  
>>  for ( ; ; ) {
>>    int nbytes, rc;
>>
>>    nbytes = readn(STDIN_FILENO, &server, sizeof(struct ktc_principal));
>>    if (nbytes == 0) break;  /* EOF */
>>    if (nbytes < 0) {
>>      perror("truncated nread getting server struct");
>>      exit(1);
>>    }
>>
>>    nbytes = readn(STDIN_FILENO, &client, sizeof(struct ktc_principal));
>>    if (nbytes <= 0) {
>>      perror("truncated nread getting client struct");
>>      exit(1);
>>    }
>>
>>    nbytes = readn(STDIN_FILENO, &token, sizeof(struct ktc_token));
>>    if (nbytes <= 0) {
>>      perror("truncated nread getting token struct");
>>      exit(1);
>>    }
>>
>>
>>    /*
>>     * Fix up endian issues. Only the ktc_token structure has
>>     * problems...we will receive everything in network byte-order,
>>     * so we convert back to host convention now...
>>     */
>>
>>    token.startTime = ntohl(token.startTime);
>>    token.endTime = ntohl(token.endTime);
>>    token.kvno = ntohs(token.kvno);
>>    token.ticketLen = ntohl(token.ticketLen);
>>
>>
>>    /*
>>     * Set the token
>>     */
>>    rc = ktc_SetToken(&server, &token, &client, 0);
>>
>>    if (rc) {
>>      perror("ktc_SetToken failed reinstalling tokens");
>>      exit(1);
>>    }
>>  }
>>
>>  exit(0);
>>}
>>    
>>
>>------------------------------------------------------------------------
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>>For additional commands, e-mail: users-help at gridengine.sunsource.net
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list