[OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support
Jan Harkes
jaharkes@cs.cmu.edu
Tue, 13 May 2003 22:02:56 -0400
On Tue, May 13, 2003 at 05:14:21PM -0500, Douglas E. Engert wrote:
> Jan Harkes wrote:
> > PAG != tokens.
> >
> > PAG is a simple unique session identifier. AFS, Coda and DCE/DFS happen
> > associate credentials with a session.
> >
> > But there is no reason why multiple PAG's can't map to the same set of
> > credentials.
>
> True. But traditionally with AFS or DCE at lest they have not. Each had its
> own set of credentials, and the PAG was only defined to allow the credentials
> to be shared.
Actually, the PAG was defined to temporarily disable membership in one
or more groups. Every process would normally run in PAG 0, and the
credentials were shared based on the uid. When a user wanted to
'restrict' rights he would initiate a new PAG which provided a more
limited environment.
This is my interpretation of the AFS paper that documents the original
security policies of AFS as it was initially deployed on November 11,
1986.
Integrating Security in a Large Distributed System (# 12)
Satyanarayanan, M.
ACM Transactions on Computer Systems
Aug. 1989, Vol. 7, No. 3, pp. 247-280
http://www-2.cs.cmu.edu/afs/cs/project/coda-www/ResearchWebPages/docdir/sec89.pdf
The process authentication group is described on pages 22-23 in the
pdf, 268-269 in the original ACM publication.
Jan