[OpenAFS] keyring support

Russ Allbery rra@stanford.edu
Wed, 15 Nov 2006 12:21:53 -0800


Ryan Underwood <nemesis-lists@icequake.net> writes:
> On Fri, Nov 10, 2006 at 03:43:11PM -0600, Ryan Underwood wrote:

>> What Linux kernel and what OpenAFS version are necessary for the
>> keyring pag support?  I am using 2.6.16 and OpenAFS 1.4.2 and pags are
>> still not being preserved across fork.

> Interesting.  It appears that an authenticated shell can fork and exec
> another process and that process has tokens, but an authenticated shell
> that forks and execs another shell results in a child shell with no
> tokens.  What would cause that?

I have no idea with keyrings, but if groups were being used, that sounds
exactly like the symptoms of not being able to interrupt the setgroups
system call.  Shells often call initgroups when they're started, which
will drop the PAG groups unless the setgroups system call is successfully
intercepted.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>