[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS
10.2
Ragnar Sundblad
ragge@nada.kth.se
Tue, 08 Oct 2002 22:46:21 +0200
--On den 8 oktober 2002 16:15 -0400 Dan Hyde <drh@umich.edu> wrote:
> OK, coming clean time. I'm running 10.2.1, with openafs-1.2.7, with
> the WindowServer shell script (which doesn't hang), but still not using
> aklog via the loginLogout plugin, but doing one in the background at
> login time (which started as Terminal/aklog, to .login, etc).
I see!
I assume for example the dock would have problems reading its
prefs if you don't either make your Library/Preferences publicly
readable? I don't really like the idea of doing that, all kinds
of stuff that is not intended for the general public could
possible go in there without the user even knowing about it.
> I have NOT tried the new method, and didn't think about SecurityAgent
> running in a different PAG then WindowServer. With all the juggling
> I've been trying, I didn't stop to verify that SecurityAgent isn't a
> child of WindowServer. Sorry for the confusion.
Well, it seems we are now all talking about the same things,
so we are gettings somewhere! :-)
> So, what should I tell Apple tomorrow when I meet with them to talk
> about this sort of issue?
I think we for now can get along using per-uid-tokens, but we
should probable discuss a better solution with them.
One mac(h)-ish idea is to use the same mach bootstrap port
context mechanisms that other parts of the OS uses and of which
I don't know very much. Their input and knowledge would be good.
One potential problem with per-uid-tokens is that the
SecurityAgent continues to run as root. If it wants to do
anything involving the users afs files it won't be able to.
There may be other similar situations.
There are other issues that would be nice if you talk to them
about, like for example the Finder behaving silly when tokens
aren't in place (with arla at least), it shows files that it
can't read with a thin outline (kind of gostish), but when you
select them they disappear. And of course there is the old
Finder-not-using-access()-call issue.
/ragge