Hi Ken,

On Mar 21, 2006, at 10:07 AM, Ken Hornstein wrote:
> The problem is that AFS tokens are "short lived" secrets; you get a new
> one every time you re-authenticate to Kerberos. Maybe you could fit it
> in there, but it's not obvious to me how you would do it. I think to
> really make it work you'd need to extend how Keychain works.

This sounds like it would make an excellent DTS support question. Do
any of the people working on this code have an ADC Select Membership
they could use to ask about this? If not, let me know who the right
person is on your end, and I'll get them hooked up.

> Shifting gears a bit ... as long as we're talking about OpenAFS, MacOS
> X, and the AFS token, it would be useful if we could reference AFS
> tokens by the MacOS Security Session (the one that's created by
> SessionCreate()), rather than by userid as we do now. I guess all we
> would really need from the MacOS side is a way inside of the kernel
> to know what session a particular process belongs to. This would
> let us do PAGs the "right" way on MacOS X.

This sounds like an excellent Apple bug report/feature request.
Could you please file that -- being as specific as possible -- and
send me the bug number?
http://developer.apple.com/bugreporter/
Thanks,
-- Ernie P.
_______________________________________________
OpenAFS-devel mailing list
https://lists.openafs.org/mailman/listinfo/openafs-devel