[OpenAFS-devel] setgroups() fails to change pag under linux 2.6
David Thompson
thomas@cs.wisc.edu
Wed, 19 Jul 2006 08:21:30 -0500
Ken Hornstein wrote:
>>Yes and no. The issue in our application is that we need to make many
>>authentications quickly (mostly for the same pts ids over and over), and
>>cannot afford the 1 pag per second cost to create a new pag each time we need
>
>>one.
>
>I guess I am missing something. How come you need to get a new pag to
>reauthenticate?
Think things like web servers that run authenticated as the (each) web page author. Or, <scream volume="primal"> think things like authenticated mail delivery.</scream> In either case, I have to authenticate as the same principal over and over, and I can't wait for a new pag for each request. So, I create (and authenticate) a pag for each principal, and I can authenticate quickly via a setgroups() call to select the appropriate authentication (pag).
Our implementation consists of more than that, but that's the core of it.
Dave Thompson
UW-Madison