[OpenAFS-devel] PAGs/tokens/threads

Derrick Brashear shadow@gmail.com
Fri, 7 Aug 2009 10:47:54 -0400


On Fri, Aug 7, 2009 at 10:45 AM, Jeffrey
Altman<jaltman@secure-endpoints.com> wrote:
> Derrick Brashear wrote:
>> On Fri, Aug 7, 2009 at 10:11 AM, Jeffrey
>> Altman<jaltman@secure-endpoints.com> wrote:
>>> Chas Williams (CONTRACTOR) wrote:
>>>> calling it a pag is a misnomer though at this point. =A0oh well.
>>> What we are discussing is not a PAG but a Thread Authentication
>>> Credential which when set overrides the process credential as obtained
>>> from the PAG or uid.
>>
>> It's not necessarily a single credential; it could also be a group.
>
> I've always associated "Group" to be the group of processes, not the
> group of tokens.
That's a reasonable interpretation. And in that vein, leaving
ourselves open to allow (later) a group of threads to share creds also
seems smart.