On Fri, 01 Aug 2014 16:08:29 -0700 Russ Allbery <ea...@eyrie.org> wrote:
> To take a step back, one difficulty I've been having with this whole > thread is how you get PAGs if you don't require some sort of PAM-like > thing to run during user login. The primary benefits of what I've been talking about are for situations without PAGs. The people that were bugging me the most about this either cannot use PAGs (because they cannot 'hook' the session creation), or don't care about them (single-end-user machine; manual krb5 cred acquisition). While PAGs are useful or even essential in some scenarios, at least for newcomers to AFS the reaction to PAGs (and 'aklog') more often tends to be "wtf is this" rather than "oh boy this is so great this is why I'm using AFS". For a lot of scenarios, UID-based access is fine, and tends to be more intuitive, since that's how everything besides AFS tends to work... There are some situations with PAGs where I think the behavior in this thread would still be useful, though they are not the motivation for this thread. I can go into this a little more as a curiosity if someone wants, but I'd rather make this discussion a bit simpler by just leaving it out for now. -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info