[OpenAFS] uw-imap & tokens

David Howells dhowells@redhat.com
Thu, 05 Apr 2007 15:20:40 +0100

chas williams - CONTRACTOR <chas@cmf.nrl.navy.mil> wrote:

> i dont have read or update ops now.  i dont think this would be sufficient
> since the afs_pag key type still has to have an instantiate op which
> the user could call.  i dont want users creating session keyrings and
> arbitrary pags trying to join existing pags.  particulary since pags are
> given out in a serial fashion.  (someone should fix this).

If you don't want userspace creating keys of a particular type, then prefix
the type name with a "." (see security/keys/request_key_auth.c).