[OpenAFS] Re: "vos dump" authorization based on "bos adduser"?

Derrick J Brashear shadow@dementia.org
Fri, 8 Jun 2007 11:06:50 -0400 (EDT)

On Fri, 8 Jun 2007, Adam Megacz wrote:

> Derrick J Brashear <shadow@dementia.org> writes:
>>>>>> -localauth. (but aklog doesn't *require* ptserver; see afslog)
>>>> bosserver can't depend on ptserver..
>>> you indicate above that "-localauth" should be used in situations
>>> where bosserver must be used without any running ptservers?
>> That's bos. i said "bosserver can't depend on ptserver".
> Ok, point taken.  Still,
>> How does the bosserver decide you're eligible if there's no ptserver?
> Okay, take 2: first, bosserver checks the request to see if it was
> directly signed with the KeyFile (ie you invoked bos with -localauth).
> Since it has the KeyFile, it should be able to do this without the
> help of ptserver.  If this is the case, it permits your request.  If
> not, it tries to contact ptserver.  If it is unable to contact the
> ptserver, it rejects your request.
> Is your concern that in the all-ptservers-are-down case, this leaves a
> thread/lwp on the bosserver waiting for a reply from the ptserver?  I
> guess I can appreciate that that is sort of inelegant, but aren't
> there lots of places where stuff like this happens in the server code?

Sure. Why do we want to add more?