[EMAIL PROTECTED] writes:
>Creating a new PAG from within a program is really simple. Below is a
>sample bit of code that shows how to use the "setpag()" call to do the
>job. You can tell what PAG you're in with the Unix "groups" command.
>The program calls that command before and after to demonstrate that
>a new PAG was really created.
There is a problem, though, on rs6k's with this approach, though.
We have our modified version of xdm to do afs authentication. XDM forks
every time it receives a request to manage a display. In this child
process which manages an individual display we do a setpag(). On rs6k's,
after some number of setpag()'s, all of the sudden pag generation will
fail, and continue to fail, until we restart xdm (which also causes all
people currently connected to be logged out..). The number of times
you call setpag() before this fails is non deterministic. We have reported
this problem to transarc several times and we are still waiting for a fix.
We have a good number of xstations being served by rs6k's, as well as rs6k
console machines. We can not use xdm on any of these machines because of
this failure (what happens is the KAS authentication call is done as
root, and if the setpag() call fails the authentication gets associated
with the uid 0, not with a pag within which the user's session will reside.
We would really really like to use xdm (for security reasons), but can not.
We have reached the point where I am now building AFS from source
with some extra debugging added at RPI since we are now trapped
between a rock and a hard place in order to find this.
So, if you want to use setpag() in your programs, beware if you do it
on rs6k's. (The problem seems to only occur if you have a program
which fork()'s (if you do an exec() after your fork, and before your call to
setpag(), you are safe, though.))
--
- You ever have one of those days where you just want to teleport in
- somewhere, destroy a couple of monsters, do some property damage,
- then teleport out?
** internet: [EMAIL PROTECTED] ** bitnet: [EMAIL PROTECTED]
