[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

Neulinger, Nathan nneul@umr.edu
Tue, 13 Jul 2004 09:24:02 -0500


What is this 1 pag per second thing... I have heard it numerous times in
the past but never saw any concrete info about it.=20

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-6679
UMR Information Technology             Fax: (573) 341-4216
=20

> -----Original Message-----
> From: David Thompson [mailto:thomas@cs.wisc.edu]=20
> Sent: Tuesday, July 13, 2004 8:35 AM
> To: Neulinger, Nathan
> Cc: Garrett Wollman; Jeffrey Hutzelman; openafs-devel@openafs.org
> Subject: Re: [OpenAFS-devel] [LKML] Re: In-kernel=20
> Authentication Tokens (PAGs)=20
>=20
>=20
> We also currently use the "Join a previously defined PAG"=20
> functionality.  We=20
> make use of it only because of the "1 PAG per second" rule (we need=20
> authentications more frequently than once per second for web=20
> applications, for=20
> example).  I would delight to switch to an interface that=20
> would simply let me=20
> create a new authentication context without a time constraint=20
> (and then=20
> authenticate it from a file-based credential).
>=20
> Dave
>=20
> "Neulinger, Nathan" wrote:
> >> OpenAFS does not care about the inverse operation of (a): given an
> >> authentication context, find all of the subject processes=20
> which belong
> >> thereto.  OpenAFS does not permit any variations on (b).
> >
> >Actually, that's not entirely true. With superuser privs you can
> >definately
> >join another pag, it just isn't code-friendly. You just have to know
> >what the current integer values for the PAG are and set them in your
> >group list.=20
> >
> >However, since I'm one of the few people making use of that,=20
> and since
> >it's to manually implement something that OpenAFS should now=20
> do natively
> >on linux, I'm not sure it's a problem to drop it.
> >
> >-- Nathan
> >
> >_______________________________________________
> >OpenAFS-devel mailing list
> >OpenAFS-devel@openafs.org
> >https://lists.openafs.org/mailman/listinfo/openafs-devel
>=20
>=20
>=20