.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "AFS::PAG 3pm" .TH AFS::PAG 3pm 2024-03-07 "perl v5.38.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME AFS::PAG \- Perl bindings for AFS PAG manipulation .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 1 \& use AFS::PAG qw(hasafs setpag unlog); \& \& if (hasafs()) { \& setpag(); \& system(\*(Aqaklog\*(Aq) == 0 \& or die "cannot get tokens\en"; \& do_afs_things(); \& unlog(); \& } .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" AFS is a distributed file system allowing cross-platform sharing of files among multiple computers. It associates client credentials (called AFS tokens) with a Process Authentication Group, or PAG. AFS::PAG makes available in Perl the PAG manipulation functions provided by the libkafs or libkopenafs libraries. .PP With the functions provided by this module, a Perl program can detect whether AFS is available on the local system (\fBhasafs()\fR) and whether it is currently running inside a PAG (\fBhaspag()\fR). It can also create a new PAG and put the current process in it (\fBsetpag()\fR) and remove any AFS tokens in the current PAG (\fBunlog()\fR). .PP Note that this module doesn't provide a direct way to obtain new AFS tokens. Programs that need AFS tokens should normally obtain Kerberos tickets (via whatever means) and then run the program \fBaklog\fR, which comes with most AFS distributions. This program will create AFS tokens from the current Kerberos ticket cache and store them in the current PAG. To isolate those credentials from the rest of the system, call \fBsetpag()\fR before running \fBaklog\fR. .SH FUNCTIONS .IX Header "FUNCTIONS" This module provides the following functions, none of which are exported by default: .IP \fBhasafs()\fR 4 .IX Item "hasafs()" Returns true if the local host is running an AFS client and false otherwise. .IP \fBhaspag()\fR 4 .IX Item "haspag()" Returns true if the current process is running inside a PAG and false otherwise. AFS tokens obtained outside of a PAG are visible to any process on the system outside of a PAG running as the same UID. AFS tokens obtained inside a PAG are visible to any process in the same PAG, regardless of UID. .IP \fBsetpag()\fR 4 .IX Item "setpag()" Creates a new, empty PAG and put the current process in it. This should normally be called before obtaining new AFS tokens to isolate those tokens from other processes on the system. Returns true on success and throws an exception on failure. .IP \fBunlog()\fR 4 .IX Item "unlog()" Deletes all AFS tokens in the current PAG, similar to the action of \&\fBkdestroy\fR on a Kerberos ticket cache. Returns true on success and throws an exception on failure. .SH DIAGNOSTICS .IX Header "DIAGNOSTICS" .ie n .IP "PAG creation failed: %s" 4 .el .IP "PAG creation failed: \f(CW%s\fR" 4 .IX Item "PAG creation failed: %s" \&\fBsetpag()\fR failed. The end of the error message will be a translation of the system call error number. .ie n .IP "Token deletion failed: %s" 4 .el .IP "Token deletion failed: \f(CW%s\fR" 4 .IX Item "Token deletion failed: %s" \&\fBunlog()\fR failed. The end of the error message will be a translation of the system call error number. .SH RESTRICTIONS .IX Header "RESTRICTIONS" This module currently doesn't provide the \fBk_pioctl()\fR or \fBpioctl()\fR function to make lower-level AFS system calls. It also doesn't provide the libkafs functions to obtain AFS tokens from Kerberos tickets directly without using an external ticket cache. This prevents use of internal Kerberos ticket caches (such as memory caches), since the Kerberos tickets used to generate AFS tokens have to be visible to an external \fBaklog\fR program. .SH AUTHOR .IX Header "AUTHOR" Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBaklog\fR\|(1) .PP The current version of this module is always available from its web site at .