[OpenAFS] Problems between group-based PAGs and linux kernel keyrings

Harald Barth haba@kth.se
Wed, 17 Jun 2009 22:36:31 +0200 (CEST)


> Is this expected behaviour?  I would not have thought so.

I think there are many expectations of what a "session" is and when
to start a new one. Where pags are concerned, the keyring pags
have for me been behaving just like the group based pags, so
same old same, just different implementation. For example:

* One pag for all windows under one window manager/gdm

* New pag for each heimdal-telnetd connection

* New pag for each sshd login after moving the k_setpag() call

* Sysadmin configurable pag for heimdal-rshd connection

* Manual new pag with pagsh


> Also, someone at Stanford said that it is possible to compile openafs
> in such a way that it tries to rely completely on the new keyrings,
> disabling the special AFS groups.  Is this true?  How is it done?

If it looks like this:

$ keyctl show 
Session Keyring
       -3 --alswrv  22421    30  keyring: _ses.1667
217676737 ----s--v      0     0   \_ afs_pag: _pag

you are in an AFS that runs the keyring code. Turning the old
syscall way off is a benefit for situations where the detection
of which one to use fails.

> And will this (probably not) make a difference to my difficulty?

I think you'll have to insert a "setpag" somewhere at a place 
where it suits your usage pattern.

Harald.
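
Added example, not part of the message above and not OpenAFS code: a shell check that parses `keyctl show` output of the shape quoted in the reply and reports whether the session keyring holds an afs_pag key. The function names and the second sample (a session keyring without a PAG key) are constructed for illustration.

```shell
#!/bin/sh
# Samples embedded so the check runs offline.
# SAMPLE_PAG is the output quoted in the message; SAMPLE_NOPAG is constructed.
SAMPLE_PAG='Session Keyring
       -3 --alswrv  22421    30  keyring: _ses.1667
217676737 ----s--v      0     0   \_ afs_pag: _pag'
SAMPLE_NOPAG='Session Keyring
       -3 --alswrv  22421    30  keyring: _ses.1667'

# parse_keyring: read `keyctl show` output on stdin and print one
# "serial perms uid gid type description" record per key.
parse_keyring() {
    awk '
        NF < 6 { next }                  # "Session Keyring" header, blank lines
        $1 !~ /^-?[0-9]+$/ { next }      # first column must be a key serial
        {
            # Skip tree-drawing tokens such as "\_" to reach the "type:" field.
            i = 5
            while (i <= NF && $i !~ /:$/) i++
            if (i > NF) next
            type = $i; sub(/:$/, "", type)
            desc = ""
            for (j = i + 1; j <= NF; j++) desc = desc (j > i + 1 ? " " : "") $j
            print $1, $2, $3, $4, type, desc
        }'
}

# pag_status: print "keyring <serial>" and return 0 if an afs_pag key is
# present, otherwise print "no-keyring-pag" and return 1.
pag_status() {
    parse_keyring | awk '
        $5 == "afs_pag" { print "keyring", $1; found = 1; exit }
        END { if (!found) { print "no-keyring-pag"; exit 1 } }'
}

# Demo on the sample from the message. On a live system: keyctl show | pag_status
printf '%s\n' "$SAMPLE_PAG" | pag_status
```

A "no-keyring-pag" result only says that no afs_pag key is visible in the session keyring; it does not tell you whether a group-based PAG is in use.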