[OpenAFS] uw-imap & tokens
Thu, 05 Apr 2007 15:20:40 +0100
chas williams - CONTRACTOR <firstname.lastname@example.org> wrote:
> i dont have read or update ops now. i dont think this would be sufficient
> since the afs_pag key type still has to have an instantiate op which
> the user could call. i dont want users creating session keyrings and
> arbitrary pags trying to join existing pags. particulary since pags are
> given out in a serial fashion. (someone should fix this).
If you don't want userspace creating keys of a particular type, then prefix
the type name with a "." (see security/keys/request_key_auth.c).