[OpenAFS] uw-imap & tokens
chas williams - CONTRACTOR
Wed, 04 Apr 2007 17:05:11 -0400
In message <firstname.lastname@example.org>,David Howells writes:
>That's what appeared to be shown in Miles's "keyctl show" output:
> Session Keyring
> -3 --alswrv 0 0 keyring: _uid_ses.0
> 2 --alswrv 0 0 \_ keyring: _uid.0
> 29391168 ----s--v 0 0 \_ afs_pag: _pag
>That would seem to be odd, given that the AFS code appears to forcibly replace
>the session keyring when setpag() is invoked.
the keyring being owned by uid 0 means that setpag() was called by
someone running as uid 0. the afs pag is always uid = 0 so that users
cant modify the key and discern its contents.
not owning the keyring used to be a problem with earlier version of
the keyring code as i recall. this explains the 'extra' permission
i dont know what created the _uid.0 keyring.
>Is it possible that Miles has an older version of that piece of code?