On Fri, 16 Mar 2012 18:27:32 -0400 Oguzhan Eris <e...@ekls.com> wrote:
> Can someone explain why the "writes" don't at least try to recheck the > pts memberships? Group membership is calculated on connecting to a server, which usually happens after token acquisition. Calculating this on every access from the client (even just writes) could be prohibitively slow. This model is pretty common; the same thing happens on unix systems if you add or remove someone from a group. There are ways of forcing the group membership to be recalculated if you really need to revoke access _now_, but there's not much good tooling for it. I just haven't really seen any demand. -- Andrew Deason adea...@sinenomine.net _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
