[OpenAFS] PAG issues with ssh

[Russ Allbery]

Jim Rees <rees@umich.edu> writes:

> Why not acquire a new pag with no tokens when you start a service?
> That's what I do.

That's what I do too, but the PAG is still inherited by all processes
started by that service.  So, in the case of cron, if you have users who
obtain AFS tokens in cron jobs, they have to do it properly or they leak
their tokens to all other cron jobs on the system.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>