> such that a userspace credential cache would be insufficient?
> in other words, if i log in as user1 and create boat-loads of processes, is there _any_ circumstance under which any arbitrary user2 _needs_ access to the cached credentials of user1?

I think you're missing a key feature of pags here. you can have a process acquire credentials that:
1) other processes with the same uid/gid cannot access.
2) are accessible to child processes with a different uid/gid, unless specific actions are taken to drop access by an intermediate descendant/ancestor.
and yes, there are circumstances when changing effective uid needs NOT to drop access to my credentials. in particular, setuid programs run by me should retain access to my afs credentials.
-Matt Andrews
l.
--
http://lkcl.net
--
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
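A toy model of the two properties listed in the message above, added here as an example and not part of the original post or of OpenAFS. The `Proc`, `Cache` and helper names, the uids and the token string are all constructed for illustration; the model only compares a credential cache keyed by uid with one keyed by a PAG-like identifier that is inherited across fork and setuid.

```python
# Toy model (constructed, not OpenAFS code): uid-keyed vs PAG-keyed
# credential lookup for the two properties listed in the message.
import itertools
from dataclasses import dataclass, replace

_pag_ids = itertools.count(1)

@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    pag: int  # PAG-like id: inherited across fork and setuid

def new_session(name, uid):
    """Login-like step: the process starts in a fresh PAG."""
    return Proc(name, uid, next(_pag_ids))

def fork(parent, name):
    return replace(parent, name=name)            # child keeps uid and PAG

def setuid_exec(parent, name, uid):
    return replace(parent, name=name, uid=uid)   # uid changes, PAG stays

def drop_pag(proc):
    """The 'specific action' of point 2: move to a fresh PAG."""
    return replace(proc, pag=next(_pag_ids))

class Cache:
    def __init__(self, key):
        self.key, self.store = key, {}
    def put(self, proc, token):
        self.store[self.key(proc)] = token
    def get(self, proc):
        return self.store.get(self.key(proc))

def scenario():
    """Return {process: (uid_cache_grants, pag_cache_grants)}."""
    by_uid, by_pag = Cache(lambda p: p.uid), Cache(lambda p: p.pag)
    login = new_session("user1-login", uid=1001)
    for cache in (by_uid, by_pag):
        cache.put(login, "constructed-token-user1")
    procs = {
        "child": fork(login, "child"),
        "other_session": new_session("user1-other", uid=1001),  # same uid
        "setuid_child": setuid_exec(login, "setuid-helper", uid=2002),
        "dropped": drop_pag(setuid_exec(login, "daemon", uid=2002)),
    }
    return {k: (by_uid.get(p) is not None, by_pag.get(p) is not None)
            for k, p in procs.items()}
```

The uid-keyed cache gets both listed cases wrong in this model: it grants the unrelated same-uid session and denies the setuid child, while the PAG-keyed lookup does the reverse.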
