[OpenAFS-devel] Re: [PATCH] in-core AFS multiplexor and PAG support
   
Jan Harkes jaharkes@cs.cmu.edu
Tue, 13 May 2003 22:02:56 -0400

On Tue, May 13, 2003 at 05:14:21PM -0500, Douglas E. Engert wrote:
> Jan Harkes wrote:
> > PAG != tokens.
> > 
> > PAG is a simple unique session identifier. AFS, Coda and DCE/DFS happen
> > to associate credentials with a session.
> > 
> > But there is no reason why multiple PAG's can't map to the same set of
> > credentials. 
> 
> True. But traditionally with AFS or DCE at least they have not. Each had its
> own set of credentials, and the PAG was only defined to allow the credentials
> to be shared.

Actually, the PAG was defined to temporarily disable membership in one
or more groups. Every process would normally run in PAG 0, and the
credentials were shared based on the uid. When a user wanted to
'restrict' rights he would initiate a new PAG which provided a more
limited environment.

This is my interpretation of the AFS paper that documents the original
security policies of AFS as it was initially deployed on November 11,
1986.

    Integrating Security in a Large Distributed System  (# 12)
    Satyanarayanan, M.
    ACM Transactions on Computer Systems
    Aug. 1989, Vol. 7, No. 3, pp. 247-280

http://www-2.cs.cmu.edu/afs/cs/project/coda-www/ResearchWebPages/docdir/sec89.pdf

    The process authentication group is described on pages 22-23 in the
    pdf, 268-269 in the original ACM publication.

Jan