Russ Allbery <[EMAIL PROTECTED]> writes: > A PAG is nothing more or less than a group membership, from the > perspective of a user process. If threads can be in different groups, > yes; otherwise, no.
Ah, that's too bad. On Linux you can have different threads with different UIDs/GIDs in a single process, but this is considered a bug and is slated to go away (apprently pthreads doesn't do this). Worst case I guess I'll just serialize all AFS operations through a single thread that gets/drops tokens for each request. Performance will be pretty bad, but it should meet our short-term needs. I got an out-of-band email with a rumor about a possibly-soon-to-be-open-source library that lets you specify tokens on a per-call basis... we'll see if that pans out. > Yeah, this is a standard problem. Most sites work around it by creating a > special identity for the web server and then giving that identity access > to the directories that it needs to access explicitly. I actually want to offer "full" access to AFS via WebDav (with a webpage for changing/viewing ACLs, etc) -- not just files that people specifically designate for this service. The idea is for WebDAV to be just another (though inferior) protocol that can be used to access a single filestore. The ideas is that the two popular "end-user" OSes (Windows and MacOS) both have built-in WebDav support, so people will be able to make their AFS files available to "casual" users who for some reason don't want to install the client. As those people start using it more, they'll eventually come to understand the value of shared AFS filespace and get over the psychological barrier of installing new software (never underestimate this!). I think that this is a very promising adoption path. The try-before-you-buy aspect will go a long way. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
