[OpenAFS-devel] Joinable PAG's
David Thompson
thomas@cs.wisc.edu
Mon, 19 May 2003 08:58:35 -0500
>At 7:53 PM -0500 5/15/03, Nathan Neulinger wrote:
>>Garance wrote:
>>> Note that if you did have join-able PAGs, it would not be
>>> based on the userid who first authenticated to it. We have
>>> people who use a shared account for access to local (unix)
>>> files, and then klog to separate AFS user accounts.
>>
>>> So, if you're going to have joinable PAGs, then you need to
>>> attach some password/authentication method which is specific
>>> to that PAG, and not related to any of the tokens which have
>>> been used in that PAG.
>>
>>Joinable PAGs are a purely administrative function, used by
>>almost nobody right now except for a few esoteric system
>>admin functions on select installations, certainly nothing
>>in a normal install/setup.
>>
>>If that capability is objectionable (most people didn't even
>>realize it was possible currently, and at that, only for
>>root/suid=0 procs)
If the credentials in the PAG (whether they are AFS credentials or potentially
someone else's) are easy to extract and/or insert, the ability to join a PAG
becomes much less important, IMO. The (shared) credentials can be stored
outside the kernel (in some object with conventional protections, e.g. a
normal file, database, credentials server, etc.), obtained when needed, and
inserted into a new PAG.
I'm writing an application to re-use PAGs, but that's only to get around the
1-pag-per-second problem.
--
Dave Thompson <thomas@cs.wisc.edu>
Associate Researcher Department of Computer Science
University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
1210 West Dayton Street Phone: (608)-262-1017
Madison, WI 53706-1685 Fax: (608)-262-6626
--