[OpenAFS-devel] [LKML] Re: In-kernel Authentication Tokens (PAGs)
Frank Bagehorn
FBA@zurich.ibm.com
Wed, 14 Jul 2004 12:04:23 +0200
> Then there is the question about default PAGs and the PAG jail. I'm
still
> not sure if those are necessary or even desirable. The way the current
AFS
> implementations seems to work is that if you don't have an allocated PAG
> (PAG@localhost session key?), your uid is used as the key under which to
> store your tokens. This is handy as you don't need to initialize tokens
for
> every login if you do several.
And it becomes a problem in a case where e.g. several admins log into the
root account.
You do want them to have separate PAGs with their credential. You don't
want to get another admins
AFS token just because he logged in...
----------------------------------------------------------------------
Dr. Frank Bagehorn
Manager Workstation & Server ZRL IS
IBM Zurich Research Lab.
Saeumerstr. 4
CH-8803 Rueschlikon
Switzerland
----------------------------------------------------------------------
SMTP: fba@zurich.ibm.com
Notes: Frank Bagehorn/Zurich/IBM@IBMCH
phone: ++41 (01) 724 83 23 fax: ++41 (01) 724 89 59