[OpenAFS] Removing the ability to change the PAG of the parent
Tue, 16 Feb 2010 19:36:28 CST
Thomas Kula <firstname.lastname@example.org> writes:
> On Wed, Feb 17, 2010 at 12:46:23AM +0000, Simon Wilkinson wrote:
> > We're currently (on opeanfs-devel) discussing a new mechanism for
> > storing tokens in the kernel - this new mechanism is required to
> > support new security layers such as rxgk and rxk5. There have been a
> > significant number of posters advocating removing the 'change the
> > PAG of my parent' feature, which is used by aklog -setpag, amongst
> > others. A process would still be able to change its own PAG.
> I'd dearly love to hear from folks who have a need for this
> functionality that can't be solved through some other process ---
> I don't think I've ever used this feature. It's always felt
> weird to me, and given that it does not consistently work I'd
> argue for it's removal.
I would think that the use case here is for people who can not
modify their "login" program, so "aklog -setpag" in a login
script does "the next best thing".