Switch to AFS command parser style

The OpenAFS aklog was originally developed and distributed independently of OpenAFS and therefore did not depend upon the AFS command parser. As a result, the parser does not behave consistently with the other command line tools.

AuriStorFS aklog has been re-implemented to use AuriStor's implementation of the AFS command parser, which can read settings from configuration files. The new usage is:

Usage: aklog [-debug | -d]
         [-target <[-k <realm>] [-token-levels <security levels list>] path or cell, and realm to authenticate to>+]
         [-path | -p <[-k <realm>] [-token-levels <security levels list>] path and realm to authenticate to>+]
         [-cell | -c <[-k <realm>] [-token-levels <security levels list>] cell and realm to authenticate to>+]
         [-noprdb] [-force] [-linked]
         [-principal <principal to use for authentication>]
         [-keytab <keytab to use for authentication>]
         [-cache | -ccache <credentials cache name>]
         [-config <configuration file>] [-help]
Where: -debug   enable debug output
       -noprdb  do not try to determine user ID
       -force   replace existing tickets
       -linked  if cell is linked, try both

which attempts to be compatible with OpenAFS aklog for the most common usage of "aklog", "aklog -d", "aklog -d cellname" while better supporting multiple cell token acquisition.

The -token-levels are for rxgk and augment per-cell configuration read from /etc/yfs/yfs-client.conf.

SECURITY LEVELS

For commands that can obtain tokens, security levels can also be specified in the configuration. The command-specific section (e.g. [aklog]) or the [defaults] section may contain a token-security-levels subsection to specify per-cell default security levels, as well as a global security levels default.

For example, with this configuration:

[defaults]
    token-security-levels = {
        default = crypt,auth,clear
        your-cell-name.com = clear,auth,crypt
    }

The levels clear,auth,crypt will apply for cell your-cell-name.com, and crypt,auth,clear will apply for any other cell.

This setting specifies a comma-separated ordered list of one or more security levels: crypt, auth and clear. When supported by an RX security class, the list indicates the acceptable security levels and order of preference. The crypt level provides wire privacy and integrity protection. The auth level provides integrity protection but not wire privacy. The clear level provides neither wire privacy nor integrity protection. The default list is crypt,auth,clear.

The yfs-rxgk security class supports negotiated levels. The levels requested by the user are passed to the cell's RXGK service which compares them to service security policies prior to generating authentication tokens. By default, yfs-rxgk tokens are issued requiring the crypt mode.

The rxkad and rxnull security classes ignore this option.
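
An added example (not AuriStor's code): a minimal Python reader for the token-security-levels subsection shown above. It resolves the effective list for each cell and flags lists that prefer or accept a level weaker than crypt. It handles only the syntax shown on this page; the function names and the strict.example.org entry are constructed for illustration.

```python
import re

LEVELS = ["crypt", "auth", "clear"]  # valid levels; also the default list stated above

# The page's example configuration plus one constructed cell (strict.example.org).
SAMPLE = """[defaults]
    token-security-levels = {
        default = crypt,auth,clear
        your-cell-name.com = clear,auth,crypt
        strict.example.org = crypt
    }
"""

def parse_levels(value):
    # A comma-separated, ordered list of one or more of crypt, auth, clear.
    levels = [v.strip() for v in value.split(",")]
    if any(v not in LEVELS for v in levels):
        raise ValueError(f"invalid security level list: {value!r}")
    return levels

def token_security_levels(conf_text):
    # Returns {section: {cell or "default": [levels in order of preference]}}.
    out, section, block = {}, None, None
    for line in map(str.strip, conf_text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m and block is None:
            section = m.group(1)
        elif re.fullmatch(r"token-security-levels\s*=\s*\{", line):
            block = out.setdefault(section, {})
        elif line == "}":
            block = None
        elif block is not None and "=" in line:
            key, value = line.split("=", 1)
            block[key.strip()] = parse_levels(value)
    return out

def effective_levels(conf, cell, section="defaults"):
    # The per-cell entry applies; otherwise "default"; otherwise the built-in list.
    block = conf.get(section, {})
    return block.get(cell) or block.get("default") or list(LEVELS)

def audit(conf, cells, section="defaults"):
    # Flag cells whose list prefers a weaker level first or accepts clear at all.
    findings = {}
    for cell in cells:
        levels = effective_levels(conf, cell, section)
        if levels[0] != "crypt":
            findings[cell] = f"prefers {levels[0]} over crypt"
        elif "clear" in levels:
            findings[cell] = "accepts clear (no privacy or integrity)"
    return findings
```

Running audit() over the cells a client is expected to reach shows which ones would accept a token level without wire privacy or integrity protection before the RXGK service applies its own policy.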

Edited by Jeffrey Altman