.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.32) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .if !\nF .nr F 0 .if \nF>0 \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "AFS::PAG 3pm" .TH AFS::PAG 3pm "2014-07-28" "perl v5.24.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" AFS::PAG \- Perl bindings for AFS PAG manipulation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use AFS::PAG qw(hasafs setpag unlog); \& \& if (hasafs()) { \& setpag(); \& system(\*(Aqaklog\*(Aq) == 0 \& or die "cannot get tokens\en"; \& do_afs_things(); \& unlog(); \& } .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\s-1AFS\s0 is a distributed file system allowing cross-platform sharing of files among multiple computers. It associates client credentials (called \s-1AFS\s0 tokens) with a Process Authentication Group, or \s-1PAG. AFS::PAG\s0 makes available in Perl the \s-1PAG\s0 manipulation functions provided by the libkafs or libkopenafs libraries. .PP With the functions provided by this module, a Perl program can detect whether \s-1AFS\s0 is available on the local system (\fIhasafs()\fR) and whether it is currently running inside a \s-1PAG \s0(\fIhaspag()\fR). It can also create a new \s-1PAG\s0 and put the current process in it (\fIsetpag()\fR) and remove any \s-1AFS\s0 tokens in the current \s-1PAG \s0(\fIunlog()\fR). .PP Note that this module doesn't provide a direct way to obtain new \s-1AFS\s0 tokens. Programs that need \s-1AFS\s0 tokens should normally obtain Kerberos tickets (via whatever means) and then run the program \fBaklog\fR, which comes with most \s-1AFS\s0 distributions. This program will create \s-1AFS\s0 tokens from the current Kerberos ticket cache and store them in the current \s-1PAG.\s0 To isolate those credentials from the rest of the system, call \fIsetpag()\fR before running \fBaklog\fR. .SH "FUNCTIONS" .IX Header "FUNCTIONS" This module provides the following functions, none of which are exported by default: .IP "\fIhasafs()\fR" 4 .IX Item "hasafs()" Returns true if the local host is running an \s-1AFS\s0 client and false otherwise. .IP "\fIhaspag()\fR" 4 .IX Item "haspag()" Returns true if the current process is running inside a \s-1PAG\s0 and false otherwise. \s-1AFS\s0 tokens obtained outside of a \s-1PAG\s0 are visible to any process on the system outside of a \s-1PAG\s0 running as the same \s-1UID. AFS\s0 tokens obtained inside a \s-1PAG\s0 are visible to any process in the same \s-1PAG,\s0 regardless of \s-1UID.\s0 .IP "\fIsetpag()\fR" 4 .IX Item "setpag()" Creates a new, empty \s-1PAG\s0 and put the current process in it. This should normally be called before obtaining new \s-1AFS\s0 tokens to isolate those tokens from other processes on the system. Returns true on success and throws an exception on failure. .IP "\fIunlog()\fR" 4 .IX Item "unlog()" Deletes all \s-1AFS\s0 tokens in the current \s-1PAG,\s0 similar to the action of \&\fBkdestroy\fR on a Kerberos ticket cache. Returns true on success and throws an exception on failure. .SH "DIAGNOSTICS" .IX Header "DIAGNOSTICS" .ie n .IP "\s-1PAG\s0 creation failed: %s" 4 .el .IP "\s-1PAG\s0 creation failed: \f(CW%s\fR" 4 .IX Item "PAG creation failed: %s" \&\fIsetpag()\fR failed. The end of the error message will be a translation of the system call error number. .ie n .IP "Token deletion failed: %s" 4 .el .IP "Token deletion failed: \f(CW%s\fR" 4 .IX Item "Token deletion failed: %s" \&\fIunlog()\fR failed. The end of the error message will be a translation of the system call error number. .SH "RESTRICTIONS" .IX Header "RESTRICTIONS" This module currently doesn't provide the \fIk_pioctl()\fR or \fIpioctl()\fR function to make lower-level \s-1AFS\s0 system calls. It also doesn't provide the libkafs functions to obtain \s-1AFS\s0 tokens from Kerberos tickets directly without using an external ticket cache. This prevents use of internal Kerberos ticket caches (such as memory caches), since the Kerberos tickets used to generate \&\s-1AFS\s0 tokens have to be visible to an external \fBaklog\fR program. .SH "AUTHOR" .IX Header "AUTHOR" Russ Allbery .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIaklog\fR\|(1) .PP The current version of this module is always available from its web site at .