General

During the last days I had some time to work on different things that were in the working queue for quite some time:

First of all, I had the chance to look at the possibilities for OpenAFS web-administration again. As I might have written before, the libadmin library is such a mess in terms of documentation and I really did not want to dig into this - so I wanted to try out what was possible using JAFS. Until now there was no support for use in non-KAS cells but then - some weeks ago - there was a post on openafs-dev about using it in a K5 cell (and also fixing the code for compiling with java 1.5) so this was the chance to try it out. It really took some time to get it kind of working - but finally (after patching out the various kas_ calls that were still in the code - which made the code block almost infinitly, and some other patches to make it compile) it did. After that I was almost unable to belive that the php-java-bridge was working perfectly out of the box. So I could take phpSATk build some objects and definitions around the interface (this unfortunatly was a bit more complicated than the other things I build so farr because I had to do the right type casts in the wrapper) and hell yeah ... now it seems to work. And I updated my php_afs extension to only take a kerberos ticket (from php_krb5) and perform "aklog"-ging to the afs cell to have the right token in kernel.

This might be a pretty much glued together solution (and there are some problems like error handling which are not that nice), but yes - IT WORKS!!

The other thing I had been working on is the ICAP server (which still needs some unique name ) which made some great progress. It now supports previews and persistent connections, has the base for a parser to extract text tokens out of the source for content filtering and the score management is to be replaced by a real solutions soon. Squid3 is (marked) stable now - I do have it installed in a production environment already and the only thing on the bug list right now is a annonying ICAP bug to be reported) - so it might be a good idea to get it working soon. (Help is always appreciated)

As a result of a migration to OpenAFS (plus the implementation of a Kerberos infrastructure) I felt the need for a administrative solution for these two services and started working on PHP extensions for both of them. Both will be implemented as PHP5 OOP extensions.

The Kerberos (5 only) extension is nearly finished (just waiting whether further requirements come up while developing the AFS ext) and contains a simple interface for obtaining a TGT (which can later be used by other extensions to obtain service tickets) as well as a KADM5 interface for MIT's krb5. The installation procedure for it is a bit unfortunate at the moment because the kadmin headers have internal depencies and are not installed (so the source distribution is required for installation). I started a small discussion on krb5dev and it seems that fixing this is not that hard and can be expected for some future release. When this happens I think I'm going to propose it for PECL (there is a kadm5 extension, but it is neither maintained nor OO). In the meantime you can fetch the sources from my subversion repository if you like to.

The AFS extension is what I work on at the moment, doing it is more complicated than the krb5 ext - mainly because there is no real documentation - so it will take some time until it is finished. It is going to support kerberos5 afs-logons, creation/modification of PTS entries (users/groups), creation/modification of volumes as well as ACL modification, mount point creation and maybe backup coordination.

Hello everybody who has found his way to this site

This is the place where I will post what I'm working on at the moment and maybe some other things that might be of interest.
Do not expect this blog to be high traffic, I think it will be more of "a post every week or two".

And of course a happy new year to anybody ...