[OpenAFS-devel] Re: setpag switch for afslog?

Douglas E. Engert deengert@anl.gov
Tue, 24 Feb 2004 10:26:19 -0600


Derek Atkins wrote:
> 
> Andrei Maslennikov <andrei@caspur.it> writes:
> 
> > On Mon, 23 Feb 2004, Russ Allbery wrote:
> >>
> >> I was, amusingly, completely unaware of its existence until about a year
> >> ago and have never used it, despite having used and then maintained AFS
> >> for more than ten years now, so I can attest that it's definitely not
> >> necessary.
> >>
> >
> >   I cannot agree with this. We need "setpag" or "krb5_afs_pag_env" to be
> >   able to obtain a pag-based token inside SSH in a cell that runs K5 KDC
> >   in the place of kaserver. It might violate some principles, but it is
> 
> Andrei, I think you misunderstood the statement.  We was not saying
> that he doesn't need setpag(); he was saying that he didn't need the
> functionality of setpag() where it sets the PAG in the parent process!
> Obviously we need some way to create a new PAG, and Russ wasn't denying
> that.

I also agree that the setting the PAG of the parent isn't a good idea
even if it appears to be convenient. With PAM and other dynamic loaded
plugins, the PAG could be set form one of these. 

> 
> -derek
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> _______________________________________________
> OpenAFS-devel mailing list
> OpenAFS-devel@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-devel

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444