[OpenAFS] Re: Problem with IP-Based ACLs

Adam Megacz megacz@cs.berkeley.edu
Fri, 04 May 2007 18:22:12 -0700


"Todd M. Lewis" <utoddl@email.unc.edu> writes:
> Or think about it another way. When you become a member of a new
> group, you (may) have to re-authenticate for the change to take effect
> for ACLs in a given directory.

Forgive my ignorance here... do AFS tokens include a (signed) list of
what groups you belong to?

Does this mean that removing somebody from a group doesn't revoke
their access until their current token expires?

  - a