"James Peterson" <[EMAIL PROTECTED]> writes:
> The patch we have decided to try is to create a global user list (instead
> of a user list per LSN, Logical Session Number). This would make the
> assignment of tokens by userName/machineName rather than by LSN. If this
> patch works then we can add security by doing a one way hash of the
> userName/machineName.

Does this imply that I, as a user, cannot have multiple sets of
tokens? For example, I might want to create a special PAG (using the
Unix terms, a Process Authentication Group) so that I can have some
processes with sys:admin privs and other processes with me-as-a-user
privs. Or, I may want to use the same principal identity (Kerberos
tickets) to authenticate to multiple AFS cells, but I want to keep
said authentication segregated.

I can certainly do either of these with the Unix client. It would be
nice if something similar could happen with the Windows client. I
don't think that 'username' is a fine-grained-enough control.

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
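
The granularity question raised in this message, as an added example that is not OpenAFS code and not from either poster: a toy token table keyed by a hash of userName/machineName next to one keyed by a PAG-like group id. The class names, the SHA-256 choice, the cell names, the principal strings and the one-token-per-cell-per-key rule are all assumptions of the model.

```python
import hashlib
from itertools import count

class UserKeyedTable:
    """Model: tokens keyed by a one-way hash of userName/machineName."""
    def __init__(self):
        self._slots = {}

    @staticmethod
    def key(user, machine):
        # Hashing hides the name but is deterministic: same user, same slot.
        return hashlib.sha256(f"{user}\x00{machine}".encode()).hexdigest()

    def set_token(self, user, machine, cell, token):
        self._slots.setdefault(self.key(user, machine), {})[cell] = token

    def get_token(self, user, machine, cell):
        return self._slots.get(self.key(user, machine), {}).get(cell)

class GroupKeyedTable:
    """Model: tokens keyed by an authentication-group id (PAG-like)."""
    def __init__(self):
        self._ids, self._slots = count(1), {}

    def new_group(self):
        gid = next(self._ids)
        self._slots[gid] = {}
        return gid

    def set_token(self, gid, cell, token):
        self._slots[gid][cell] = token

    def get_token(self, gid, cell):
        return self._slots[gid].get(cell)

def compare():
    """Constructed scenario: one user, an admin identity, and a second cell."""
    a, b = "cell-a.example", "cell-b.example"   # constructed cell names
    flat = UserKeyedTable()
    flat.set_token("derek", "ws1", a, "derek")
    flat.set_token("derek", "ws1", a, "derek.admin")  # replaces the user token
    flat.set_token("derek", "ws1", b, "derek")        # visible to every process
    pags = GroupKeyedTable()
    user_pag, admin_pag, other_pag = (pags.new_group() for _ in range(3))
    pags.set_token(user_pag, a, "derek")
    pags.set_token(admin_pag, a, "derek.admin")
    pags.set_token(other_pag, b, "derek")
    return {"flat_a": flat.get_token("derek", "ws1", a),
            "flat_b": flat.get_token("derek", "ws1", b),
            "user_pag_a": pags.get_token(user_pag, a),
            "admin_pag_a": pags.get_token(admin_pag, a),
            "user_pag_b": pags.get_token(user_pag, b)}
```

In the user-keyed table every process of that user ends up with the admin token and the second cell's token; in the group-keyed table each group sees only what was placed in it.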