We're currently (on opeanfs-devel) discussing a new mechanism for
storing tokens in the kernel - this new mechanism is required to
support new security layers such as rxgk and rxk5. There have been a
significant number of posters advocating removing the 'change the PAG
of my parent' feature, which is used by aklog -setpag, amongst others.
A process would still be able to change its own PAG.
There are numerous technical reasons for wanting to make this change.
This functionality is very difficult to implement in a cross-platform
manner, without exposing ourselves to all sorts of kernel races. On
some platforms (such as Linux) it works on some kernel versions, but
not on others. Things would be made considerably easier if this
feature went away.
Based on current developer feedback, I'm planning on removing the
setpag functionality from the new interface. However, before making
the final decision, I'm very interested in hearing the views of
deployers and end users? How many of you rely on aklog -setpag? How
difficult would things be for you if it went away in some future major
release [*]?
Thanks,
Simon
[*] Whilst I can't commented for the gatekeepers, I'd imagine that
this kind of thing would only change with a major release hike, and
certainly not before 1.8 given the current release plans.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
