[AFS3-std] rxgk-afs SetCallBackKey: one token or two?

[Benjamin Kaduk]

The RXAFS_SetCallBackKey RPC MUST be called over an rxgk-secured 
connection (when being used with rxgk), and one of its arguments is an 
XDR-encoded token.  There is also a token used to secure the rx connection 
over which the RPC is made.  Do we expect these tokens to always be the 
same?  (The phrase "protected with a different cache manager identity" is 
used, which is a little ambiguous which token's identity would be 
relevant.)

The cache manager will need to keep around a token for AFSCombineTokens, 
and renew that one frequently.  Using the frequently renewed token for 
callback keys would potentially require both CM and fileserver to keep 
around lots of old keys for older callbacks (since the CM identity is not 
expected to change frequently these old callbacks need not be broken upon 
rekeying).  Having a separate CM token for callbacks which is only renewed 
upon expiry might be simpler, though it's unclear that doing so would 
completely eliminate the issue of storing old keys/tokens.

In any case, we should tighten up the language about which token's 
identity is used for checking whether the identity changed, and probably 
require the identities to be the same.

-Ben