[OpenAFS-port-darwin] aklog/afslog at console login and Mac OS 10.2
David Botsch
dwb7@ccmr.cornell.edu
Tue, 8 Oct 2002 17:09:59 -0400
Two things I would talk to Apple about:
1. the logging in with a pag, authing against afs and getting tokens so
we can have home dirs in afs space
2. fixing the finder so that it doesn't just look at the uid/gid to
decide if someone has access to a file/folder.
On 2002.10.08 16:46 Ragnar Sundblad wrote:
>
>
> --On den 8 oktober 2002 16:15 -0400 Dan Hyde <drh@umich.edu> wrote:
>
>> OK, coming clean time. I'm running 10.2.1, with openafs-1.2.7, with
>> the WindowServer shell script (which doesn't hang), but still not
>> using
>> aklog via the loginLogout plugin, but doing one in the background at
>> login time (which started as Terminal/aklog, to .login, etc).
>
> I see!
> I assume for example the dock would have problems reading its
> prefs if you don't either make your Library/Preferences publicly
> readable? I don't really like the idea of doing that, all kinds
> of stuff that is not intended for the general public could
> possible go in there without the user even knowing about it.
>
>> I have NOT tried the new method, and didn't think about SecurityAgent
>> running in a different PAG then WindowServer. With all the juggling
>> I've been trying, I didn't stop to verify that SecurityAgent isn't a
>> child of WindowServer. Sorry for the confusion.
>
> Well, it seems we are now all talking about the same things,
> so we are gettings somewhere! :-)
>
>> So, what should I tell Apple tomorrow when I meet with them to talk
>> about this sort of issue?
>
> I think we for now can get along using per-uid-tokens, but we
> should probable discuss a better solution with them.
> One mac(h)-ish idea is to use the same mach bootstrap port
> context mechanisms that other parts of the OS uses and of which
> I don't know very much. Their input and knowledge would be good.
>
> One potential problem with per-uid-tokens is that the
> SecurityAgent continues to run as root. If it wants to do
> anything involving the users afs files it won't be able to.
> There may be other similar situations.
>
> There are other issues that would be nice if you talk to them
> about, like for example the Finder behaving silly when tokens
> aren't in place (with arla at least), it shows files that it
> can't read with a thin outline (kind of gostish), but when you
> select them they disappear. And of course there is the old
> Finder-not-using-access()-call issue.
>
> /ragge
>
>
> _______________________________________________
> port-darwin mailing list
> port-darwin@openafs.org
> https://lists.openafs.org/mailman/listinfo/port-darwin
--
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************