[3279] in Release_7.7_team
Re: Draft of Disconnected Operation White Paper.
daemon@ATHENA.MIT.EDU (Bill Cattey)
Wed May 15 18:06:19 2002
From: Bill Cattey <wdc@MIT.EDU>
To: John Hawkinson <jhawk@mit.edu>
Cc: release-team@mit.edu, warlord@mit.edu
In-Reply-To: <200205091535.LAA14998@multics.mit.edu>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 15 May 2002 18:06:16 -0400
Message-Id: <1021500376.23857.131.camel@tokata.mit.edu>
Mime-Version: 1.0

I'm writing to follow up on a suggestion you made regarding the model
for Athena disconnected operation which Greg Hudson also spoke in favor
of:

On Thu, 2002-05-09 at 11:35, John Hawkinson wrote:
>
> | Kerberized login:
> |
> | Athena users normally expect that when they log on, that kerberos
> | tickets are acquired for them automatically, and that no further
> | action need be taken to access secure services. Trying to do this by
> | default on a sometimes disconnected system is probably the wrong
> | design. It would result in long pauses if the network was
> | disconnected appearing to the user as a login hang.
> |
> | Recommendation 4: Set explicit expectations that the default login
> | mode is to NOT fetch Kerberos tickets at login time.
>
> I think this is the wrong model. I think you want:
>
> Get tickets if the user logs in and the network is up, otherwise
> don't.
>
> When the network comes up, prompt the user to get tickets if they
> don't have nonexpired tickets. This is made easier with a gui
> renew.
>

Both ghudson and warlord pointed out that if one solves the renew
problem, one could then kick off a graceful re-establishment of Zephyr
subscriptions and connections.

I chatted with warlord on how this might be done, and he raised the
issue: Network starts and stops, and hibernates, and suspends are
managed at the init level with uid 0, whereas kerberos, and zephyr are
managed at the level of a logged in user.

Question for you jhawk:

What would you suggest as the way to get a proper operation from:

network up event -> renew user auths

For extra credit, how would you handle the issue of multiple users
logged on? (This is an unlikely event on a laptop, but probably needs a
little defensive programming around to prevent nasty lossage in corner
cases.)

Thanks again for the input.

-wdc