In message <[EMAIL PROTECTED]>, Roland Kuhn writes:
>You got me curious. I should probably have watched this thread more
>closely and maybe it would then be clear to me: Why should userspace
>ever see a PAG identifier? What should it be able to do with it?

ideally, the userspace would be unaware of the pag and/or be able to read/write it. however, pags were stored in the group list, which was the only thing available at the time. so users could see the pag and do unwise things. only root can change the group list, so this at least kept ordinary users from manipulating their group list.

with the keyring, the pag is stored in the user's session keyring. so the user can see the pag, but not its value (since the key doesn't have a read/update entry point). so the current keyring implementation is close to what would be ideal (with some exceptions regarding session management when sharing with other keyring users).

right now the keyring code puts back the pag groups, but there is no particular reason for this. it's just compatibility -- people expect to see the pag groups in the group list.

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
