Bob,
We are in basic agreement here. And that is one of
the reasons why I want a hook in the PCI client side (login) and
a hook in the PCI-server to destroy the token if need be.
What I'd like is for the PCI client to ask the PC-I server to get the
AFS token and have the PCI server destroy it when the PCI client
goes away.
[FYI for non-PCI
folks: as each client ``logs in'', a server running as that
user is created on the PC-I server host (in this case the AFS client)].
Now that I have trashed the solution let me explain that PCI does
not have the security problem that NFS has. PCI solves this problem
over NFS because the ``random'' users can not be forged - because
they do not share a particular server.
A very simple explanation of how PCI works... [very simplified]...
On each PCI server (a random UNIX machine) is some common UNIX user
code that runs as root [aka pcimapsvr & pciconsvr]. This
``common'' PC-I server code interacts during the PC client
side ``login'' process [and to handle other stuff ignored here].
Once client ``login'' is complete, the common code forks a
specific UNIX process [aka pcidossvr] that is per ``PC'' that runs
as that person [i.e. clemc/bob/dmr etc]. It is the pcidossvr
process that does the work on behalf of a user.
Thus, in order to use the AFS token [which is shared in the AFS client
cache], a random PC must still reconnect to the PC-I server.
Since the PC-I ``sessions'' are not shared, you get protection.
NFS uses a common set of remote processes for everyone, hence once the
AFS authentication is done, another system that can forge a UID
has access. Hence you have a hole.
Clem
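
A simplified model of the two designs contrasted in the message above, added here as an illustration and not code from PCI, NFS or AFS. All class and function names, the uid and the password are constructed for the example; the login and logout methods stand in for the two hooks the message asks for.

```python
import secrets
class TokenCache:
    """Stands in for the AFS client cache on the server host: tokens keyed by UNIX uid."""
    def __init__(self):
        self._tokens = {}
    def obtain(self, uid):
        self._tokens[uid] = secrets.token_hex(8)
    def destroy(self, uid):
        self._tokens.pop(uid, None)
    def has_token(self, uid):
        return uid in self._tokens

class SharedServer:
    """NFS-style model: one set of server processes, uid asserted by each request."""
    def __init__(self, cache):
        self.cache = cache
    def read(self, claimed_uid):
        # The uid comes from the request itself, so the server cannot tell who sent it.
        return self.cache.has_token(claimed_uid)

class PerUserServer:
    """PCI-style model: each login creates a per-client session bound to one uid."""
    def __init__(self, cache, passwords):
        self.cache, self.passwords, self.sessions = cache, passwords, {}
    def login(self, uid, password):
        expected = self.passwords.get(uid)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = uid
        self.cache.obtain(uid)  # login hook: server obtains the token
        return sid
    def read(self, sid):
        uid = self.sessions.get(sid)  # uid comes from the session, never from the request
        return uid is not None and self.cache.has_token(uid)
    def logout(self, sid):
        uid = self.sessions.pop(sid, None)
        if uid is not None and uid not in self.sessions.values():
            self.cache.destroy(uid)  # server hook: destroy token when the client goes away

def demo():
    cache = TokenCache()
    pci = PerUserServer(cache, {1001: "constructed-password"})
    sid = pci.login(1001, "constructed-password")
    seen = {"owner": pci.read(sid), "bad_sid": pci.read("guess"),
            "shared_claimed_uid": SharedServer(cache).read(1001)}
    pci.logout(sid)
    seen["shared_after_logout"] = SharedServer(cache).read(1001)
    return seen
```
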