[OpenAFS] Re: Authentication without aklog
Thu, 31 Jul 2014 17:18:49 -0500
On Thu, 31 Jul 2014 20:41:08 +0000
Brandon Allbery <firstname.lastname@example.org> wrote:
> I think this also kills off PAGs pretty effectively, unless the
> equivalent of rpc.gssd has some privileged access to all PAGs and a
> way to map a given access to its PAG.
This certainly would have information about PAGs, since it goes through
the kernel module.
But anyways, I think the idea that this makes PAGs useless is only
really at all true for the first option I mentioned (global
rpc.gssd-like behavior). And even then, pags still seem like they can be
used to a limited degree, but maybe not as usefully. As in, the
rpc.gssd-like behavior can be a fallback, but you can still explicitly
set tokens; so different pags could still have different credentials in
And like you mentioned, some people don't care about PAGs, so even if
this makes PAGs useless, that's not necessarily a problem.