[OpenAFS-devel] Re: openafs / opendfs collaboration
Jeffrey Hutzelman
jhutz@cmu.edu
Tue, 25 Jan 2005 19:11:56 -0500
[ Ugh. As I've been working on this message, I've found myself saying the
same thing in different ways in different places, just because I'm trying
to answer your comments in order. In the interest of clarity, I'm
reordering things somewhat. Please bear with me... ]
> The session key is _NOT_ a UNIX session, but a key shared across all
> processes descended via fork/vfork/clone/exec from the process where
> the keyring is originally set.
Ok. That's not the impression I got from previous discussion and from what
I read of the documentation in earlier versions of David's code. I stand
corrected, and thank you for clearing up the misunderstanding.
> My main point is, why do we need PAGs? You don't just have to store
> credentials in a keyring, you can store a (single) shared connection.
Things a PAG is not:
- a set of credentials
- a place to store things
- a 32-bit number
- a pair of funny groups
A PAG is a set of processes. In fact, it's very nearly identical to what
you called a "key session". We do in fact need PAGs, or something
equivalent. And, we need a way to "name" PAGs, so that we can label other
data structures as to which PAG they belong to.
We're not tied to labelling PAGs with a 32-bit integer. It could easily
be something else, like a larger integer or a pointer.
We're certainly not tied to representing processes' PAG membership as
groups. It's just a kludge to get the job done. We hate it as much as
anyone else. But it does get the job done.
However, we do need to be able to label open connections and cached access
rights as to what PAG they belong to. Note that we're not talking about
one open connection per PAG; we're talking about one open connection per
PAG per fileserver. And we're not talking about a cached set of groups or
SIDs or something; we're talking about cached data on individual files
indicating what operations we are allowed to do on that file. So, it's not
a couple of items per PAG; it could be in the tens of thousands.
We already have data structures and code which manages this information.
That code is cross-platform, and we'd like to keep it that way.
Introducing a pervasive platform-dependent difference in behaviour does not
improve the maintainability of our code.
So, my question is... what do I use as a label?
>>> It's very fast, simple, and well designed
>>
>> Says the guy who designed it. :-)
>
> I didn't design or write it. :-P I helped out David Howells by
> commenting on his code and design, but I did not code a single line for
> it.
Hm; that wasn't the impression I got during our previous discussion, around
the time some of the design work was happening. But OK. I suppose I
should say for the benefit of others reading that I wasn't trying to
devalue your comment, just giving credit where I thought it was due.
We really do appreciate all the work you and David have done on this.
-- Jeff
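
The labelling requirement described in the message above, as an added sketch that is not part of the original post and is not OpenAFS code: cached access rights are keyed by (PAG label, fileserver, file), and the label is an opaque type wide enough to hold either an integer or a pointer. All names (pag_label_t, ax_entry, ax_store, ax_lookup) and the table size are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical names throughout; these are not OpenAFS data structures. */
typedef uintptr_t pag_label_t;   /* opaque label: an integer or a pointer fits */
enum { R_READ = 1, R_WRITE = 2 };
#define SLOTS 64                 /* table size, must be a power of two */

struct ax_entry {                /* one cached access-rights record */
    int used;
    pag_label_t pag;             /* which set of processes this belongs to */
    uint32_t server, file;       /* which file on which fileserver */
    unsigned rights;
};
static struct ax_entry cache[SLOTS];

/* Mix all three key parts so entries of one PAG spread over the table. */
static size_t slot_of(pag_label_t pag, uint32_t server, uint32_t file)
{
    uint64_t h = (uint64_t)pag * 0x9E3779B97F4A7C15ull;
    h ^= ((uint64_t)server << 32) | file;
    h *= 0x9E3779B97F4A7C15ull;
    return (size_t)(h >> 32) & (SLOTS - 1);
}

/* Insert or update (linear probing). Returns 0, or -1 if the table is full. */
int ax_store(pag_label_t pag, uint32_t server, uint32_t file, unsigned rights)
{
    size_t i = slot_of(pag, server, file);
    for (size_t n = 0; n < SLOTS; n++, i = (i + 1) & (SLOTS - 1)) {
        struct ax_entry *e = &cache[i];
        if (!e->used || (e->pag == pag && e->server == server && e->file == file)) {
            *e = (struct ax_entry){ 1, pag, server, file, rights };
            return 0;
        }
    }
    return -1;
}

/* Returns the cached rights, or -1 on a miss (caller would ask the fileserver). */
int ax_lookup(pag_label_t pag, uint32_t server, uint32_t file)
{
    size_t i = slot_of(pag, server, file);
    for (size_t n = 0; n < SLOTS; n++, i = (i + 1) & (SLOTS - 1)) {
        const struct ax_entry *e = &cache[i];
        if (!e->used)
            return -1;
        if (e->pag == pag && e->server == server && e->file == file)
            return (int)e->rights;
    }
    return -1;
}
```

A lookup under a different PAG label misses even for the same file, so rights cached for one set of processes are never served to another.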