[OpenAFS] What's a PAG? (was Re: What's the status of 2.6 linux
kernel support?)
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 09 Aug 2004 11:01:45 -0400
On Thursday, August 05, 2004 08:50:34 -0400 "Todd M. Lewis"
<utoddl@email.unc.edu> wrote:
> Oooh, a good easy question to start the day! Here's a cut-n-paste from
> the pagsh docs: ------- 8>< 8>< 8>< -------------
> A PAG is a number guaranteed to identify the issuer of commands in the
> new shell uniquely to the local Cache Manager. The PAG is used, instead
> of the issuer's UNIX UID, to identify the issuer in the credential
> structure that the Cache Manager creates to track each user.
And that, my friends, is the source of all this confusion.
A PAG is not a number.
A PAG is not a set of credentials.
PAG stands for "Process Authentication Group".
A PAG is a group of processes that share the same authentication context.
One more time, because this is important:
A PAG is not a number or a set of credentials; it is a group of processes.
In OpenAFS, a PAG happens to be _named_ by a number.
In OpenAFS, that number happens to be stored in the user's aux groups.
Neither of these facts is set in stone; it's just the way we do things now,
because it's worked for many years and across many platforms.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA