[OpenAFS] Problems between group-based PAGs and linux kernel
keyrings
Harald Barth
haba@kth.se
Wed, 17 Jun 2009 22:36:31 +0200 (CEST)
> Is this expected behaviour? I would not have thought so.
I think there are many expectations what a "session" is and when
to start a new one. When pags are concerned, the keyring pags
have for me been behaving just like the group based pags, so
same old same, just different implementation. For example:
* One pag for all windows under one window manager/gdm
* New pag for each heimdal-telnetd connection
* New pag for each sshd login after moving of k_setpag() call
* Sysadmin configurable pag for heimdal-rshd connection
* Manual new pag with pagsh
> Also, someone at Stanford said that it is possible to compile openafs
> in such a way that it tries to rely completely on the new keyrings,
> disabling the special AFS groups. Is this true? How is it done?
If it looks like this:
$ keyctl show
Session Keyring
-3 --alswrv 22421 30 keyring: _ses.1667
217676737 ----s--v 0 0 \_ afs_pag: _pag
you are in an AFS that runs the keyring code. Turning the old
syscall way off is a benefit for situations where the detection
which one to use fails.
> And will this (probably not) make a difference to my difficulty?
I think you'll have to insert a "setpag" somewhere at a place
where it suits your usage pattern.
Harald.