[3140] in Athena Bugs
Expired tokens
daemon@ATHENA.MIT.EDU (John Carr)
Fri Sep 8 21:30:19 1989
To: bugs@ATHENA.MIT.EDU
Cc: bug-afs@ATHENA.MIT.EDU
Date: Fri, 08 Sep 89 21:30:01 EDT
From: John Carr <jfc@ATHENA.MIT.EDU>
I receive syslog messages from dialup2, and judging from the number
of messages

    Tokens for user of AFS id # have expired

I see, it will be a very good idea to make one of the following changes
for the next release:
1. Run "/bin/unlog" as part of the normal logout procedure.
   (disadvantage: if you are logged in more than once [but I think
   you lose anyway by having your passwd entry deleted])

2. Modify the kernel to periodically purge expired tokens
   (disadvantage: extra work and complexity in the kernel. There is
   precedent, as AFS does do other things at regular intervals, such
   as maintaining locks and checking on dead servers.)

I recommend #2, though there are good reasons to do #1 also (as this also
prevents stealing of AFS tokens).

If we don't do this, sooner or later root is going to have expired AFS
tokens on a heavily used machine like dialup when someone else's tokens
expire, and someone will get to take a walk to the machine room to reboot
it (this situation triggers a nasty bug -- if you are very lucky, you can
get the machine to panic, but usually it requires pushing a button to
restore it).