[OpenAFS] Re: Problem with IP-Based ACLs
Derrick J Brashear
Fri, 4 May 2007 23:35:40 -0400 (EDT)
On Fri, 4 May 2007, Adam Megacz wrote:
> "Todd M. Lewis" <email@example.com> writes:
>> Or think about it another way. When you become a member of a new
>> group, you (may) have to re-authenticate for the change to take effect
>> for ACLs in a given directory.
> Forgive my ignorance here... do AFS tokens include a (signed) list of
> what groups you belong to?
no. just a timestamp.
> Does this mean that removing somebody from a group doesn't revoke
> their access until their current token expires?
it does anyway
> - a
> OpenAFS-info mailing list