[OpenAFS] PAGs and group ids
Wed, 6 Jun 2007 16:52:25 +0200
On Tue, Jun 05, 2007 at 11:42:19AM -0400, Christopher Allen Wing wrote:
> There is no good, portable way to do this. The traditional way that OpenAFS kept track of PAGs was to
> assign a 24-bit identifier; this is then extended to a 32-bit integer by setting the first 8 bits to the
> ASCII value 'A' (for "AFS"), and letting the last 24 bits be the PAG ID.
> This number is then encoded into the two special group IDs to make it less likely that someone might
> accidentally end up with group IDs that happen to map to a PAG. See: (inside the OpenAFS source)
Yes, that's what I used until now.
> Some linux systems may not use the keyring; in that case, recent openafs uses only a single group ID instead
> of two group IDs to represent the PAG. Here, the single group ID is equal to the 32-bit PAG identifier.
> (i.e., the first 8 bits are equal to ASCII 'A' as mentioned previously)
Perfect - that's exactly what I was looking for.
> I suppose that it might be an option to add a utility program to OpenAFS at some point to determine this
> information. Out of curiosity, what are you trying to do that requires this?
I wrote a NSS-plugin (*) which assigns Names like "AfsPag..." to group IDs
which are expressing a PAG membership. It's just for not having mysterious
numbers in the /usr/bin/groups output.
Thank you very much,
(*) The plugin is part of the libnss-ptdb package which can be used to prevent
ldap/nis/... in AFS-cells.