[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)

[Tomas Olsson]

Derek Atkins <warlord@MIT.EDU> writes:
> lpr, sendmail, or other apps that are setuid for local storage but
> need access to your credentials to talk to a network server?
> 
Yup.

The jail property of PAGs is interesting too. Is it a requirement (why?) or
just a side effect? Currently, you probably need to use a chroot jail too,
since there are usually tickets in /tmp. Or is that just until the keyrings
get in place and the krb5cc goes into the kernel?

/Tomas (merry-go-round)