[OpenAFS-devel] Re: openafs / opendfs collaboration

Jeffrey Hutzelman jhutz@cmu.edu
Tue, 25 Jan 2005 19:11:56 -0500


[ Ugh.  As I've been working on this message, I've found myself saying the 
same thing in different ways in different places, just because I'm trying 
to answer your comments in order.  In the interest of clarity, I'm 
reordering things somewhat.  Please bear with me... ]



> The session key is _NOT_ a UNIX session, but a key shared across all
> processes descended via fork/vfork/clone/exec from the process where
> the keyring is originally set.

Ok.  That's not the impression I got from previous discussion and from what 
I read of the documentation in earlier versions of David's code.  I stand 
corrected, and thank you for clearing up the misunderstanding.


> My main point is, why do we need PAGs?  You don't just have to store
> credentials in a keyring, you can store a (single) shared connection.

Things a PAG is not:
- a set of credentials
- a place to store things
- a 32-bit number
- a pair of funny groups


A PAG is a set of processes.  In fact, it's very nearly identical to what 
you called a "key session".  We do in fact need PAGs, or something 
equivalent.  And, we need a way to "name" PAGs, so that we can label other 
data structures as to which PAG they belong to.

We're not tied to labelling PAGs with a 32-bit integer.  It could easily 
be something else, like a larger integer or a pointer.

We're certainly not tied to representing processes' PAG membership as 
groups.  It's just a kludge to get the job done.  We hate it as much as 
anyone else.  But it does get the job done.

However, we do need to be able to label open connections and cached access 
rights as to what PAG they belong to.  Note that we're not talking about 
one open connection per PAG; we're talking about one open connection per 
PAG per fileserver.  And we're not talking about a cached set of groups or 
SIDs or something; we're talking about cached data on individual files 
indicating what operations we are allowed to do on that file.  So, it's not 
a couple of items per PAG; it could be in the tens of thousands.

We already have data structures and code which manages this information. 
That code is cross-platform, and we'd like to keep it that way. 
Introducing a pervasive platform-dependent difference in behaviour does not 
improve the maintainability of our code.


So, my question is...  what do I use as a label?



>>> It's very fast, simple, and well designed
>>
>> Says the guy who designed it. :-)
>
> I didn't design or write it. :-P  I helped out David Howells by
> commenting on his code and design, but I did not code a single line for
> it.

Hm; that wasn't the impression I got during our previous discussion, around 
the time some of the design work was happening.  But OK.  I suppose I 
should say for the benefit of others reading that I wasn't trying to 
devalue your comment, just giving credit where I thought it was due.

We really do appreciate all the work you and David have done on this.


-- Jeff