[OpenAFS-devel] nss_afspag

[Tim Abbott]

On Linux, AFS stores its PAG information in one or two fake GIDs. 
Unfortunately, AFS doesn't give the fake GIDs names, and thus a number of 
tools (like groups) get confused and return errors, for example:

$ groups > /dev/null
id: cannot find name for group ID 1106112751

This results in various programs that run groups (including WinSCP) to 
fail unecessarily.

We created a NSS module, libnss-afspag, to give the AFS PAG fake GIDs 
names.  libnss-afspag works by using the AFS's algorithm to check whether 
the GID being resolved is part of an AFS PAG, and if so, returns a name 
for the group of the form afspag-1106112751.

Obviously, if you're using the kernel keyring support, you don't need 
nss_afspag, but kernel keyring support doesn't seem to be used everywhere 
quite yet.

For more information, see <http://debathena.mit.edu/nss_afspag/>.

 	-Tim Abbott and Anders Kaseorg
 	MIT SIPB Debian-Athena Project