[OpenAFS] Re: refuse to grant tokens to a process without a PAG?
If I were to add support for this, where would be the best place to put the configuration option (afsd command line flag, perhaps)? - a Derrick J Brashear [EMAIL PROTECTED] writes: Not currently On Fri, 16 Mar 2007, Adam Megacz wrote: Is there any option for the OpenAFS client that will cause it to refuse to associate tokens with a userid (rather than a PAG)? This is the default behavior when aklog is invoked outside of a PAG -- any tokens get associated with all processes under that userid which do not have a PAG. I'm wondering if there is a way to simply refuse to offer tokens in this case -- force the user to get into a PAG before letting them get tokens. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: refuse to grant tokens to a process without a PAG?
On Mon, 19 Mar 2007, Adam Megacz wrote: If I were to add support for this, where would be the best place to put the configuration option (afsd command line flag, perhaps)? yet another afsd flag? ick. the generic pioctl (which takes a parameter and a value) and a parameter for this, is the right thing to do, and then if you want to set it, set it after running afsd of course, there are other things which should work this way. This is the default behavior when aklog is invoked outside of a PAG -- any tokens get associated with all processes under that userid which do not have a PAG. I'm wondering if there is a way to simply refuse to offer tokens in this case -- force the user to get into a PAG before letting them get tokens. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: refuse to grant tokens to a process without a PAG?
On Sat, 17 Mar 2007, Adam Megacz wrote: Related question: if a given process has a PAG, is it possible for it to spawn a process with no PAG (ie tokens get associated to the userid, not a PAG)? Not currently. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: refuse to grant tokens to a process without a PAG?
Related question: if a given process has a PAG, is it possible for it to spawn a process with no PAG (ie tokens get associated to the userid, not a PAG)? - a Derrick J Brashear [EMAIL PROTECTED] writes: Not currently On Fri, 16 Mar 2007, Adam Megacz wrote: Is there any option for the OpenAFS client that will cause it to refuse to associate tokens with a userid (rather than a PAG)? This is the default behavior when aklog is invoked outside of a PAG -- any tokens get associated with all processes under that userid which do not have a PAG. I'm wondering if there is a way to simply refuse to offer tokens in this case -- force the user to get into a PAG before letting them get tokens. - a -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info -- PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: refuse to grant tokens to a process without a PAG?
Adam Megacz [EMAIL PROTECTED] writes: Related question: if a given process has a PAG, is it possible for it to spawn a process with no PAG (ie tokens get associated to the userid, not a PAG)? No. This is bug #3828 in RT. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info