[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

David Thompson thomas@cs.wisc.edu
Tue, 13 Jul 2004 08:34:57 -0500


We also currently use the "Join a previously defined PAG" functionality.  We 
make use of it only because of the "1 PAG per second" rule (we need 
authentications more frequently than once per second for web applications, for 
example).  I would delight to switch to an interface that would simply let me 
create a new authentication context without a time constraint (and then 
authenticate it from a file-based credential).

Dave

"Neulinger, Nathan" wrote:
>> OpenAFS does not care about the inverse operation of (a): given an
>> authentication context, find all of the subject processes which belong
>> thereto.  OpenAFS does not permit any variations on (b).
>
>Actually, that's not entirely true. With superuser privs you can
>definately
>join another pag, it just isn't code-friendly. You just have to know
>what the current integer values for the PAG are and set them in your
>group list. 
>
>However, since I'm one of the few people making use of that, and since
>it's to manually implement something that OpenAFS should now do natively
>on linux, I'm not sure it's a problem to drop it.
>
>-- Nathan
>
>_______________________________________________
>OpenAFS-devel mailing list
>OpenAFS-devel@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-devel