[OpenAFS] uw-imap & tokens

chas williams - CONTRACTOR chas@cmf.nrl.navy.mil
Wed, 04 Apr 2007 17:05:11 -0400

In message <3190.1175718508@redhat.com>,David Howells writes:
>That's what appeared to be shown in Miles's "keyctl show" output:
>	Session Keyring
>	       -3 --alswrv      0     0  keyring: _uid_ses.0
>		2 --alswrv      0     0   \_ keyring: _uid.0
>	 29391168 ----s--v      0     0   \_ afs_pag: _pag
>That would seem to be odd, given that the AFS code appears to forcibly replace
>the session keyring when setpag() is invoked.

the keyring being owned by uid 0 means that setpag() was called by
someone running as uid 0.  the afs pag is always uid = 0 so that users
cant modify the key and discern its contents.

not owning the keyring used to be a problem with earlier version of
the keyring code as i recall.  this explains the 'extra' permission

i dont know what created the _uid.0 keyring.

>Is it possible that Miles has an older version of that piece of code?