[266] in Info-AFS_Redistribution
Re: ka_*() API specifications
daemon@ATHENA.MIT.EDU (Wallace Colyer)
Sun Aug 4 23:48:08 1991
Date: Sun, 4 Aug 1991 22:11:53 -0400 (EDT)
From: Wallace Colyer <wally+@andrew.cmu.edu>
To: Info-AFS@transarc.com, Craig_Everhart@transarc.com, cal_thixton@next.com
In-Reply-To: <0caMkDr0BwwOAVv1ks@transarc.com>
The token packing, passing, and unpacking software works wonderfully
for passing authentication to a process that needs it for a short time
or that needs the authentication separate from the login process (i.e.,
needs to work after the user unlogs and logs out), but is deficient in
some cases. If you have an already existing process that you want to
pass authentication to which will be used for the duration of a user's
login process, the process will not pick up new authentication as the
user reauthenticates when his tokens expire or he authenticates as
another entity. In AFS, authentication is not connected to the uid,
but rather to the process authentication group or PAG.
It sounds like you have two different problems which need different
solutions. For printing, where a separate process must write a file
into AFS but was created prior to the user logging in, you need to do
something very similar to the Andrew AMS queuemail program, which uses
the routines that Craig pointed to, but for something that must
continue to exist and do services over time for the user for the
duration of the login session, you should share the same PAG.
Anyone know how PAGs can be shared? Would it be just a simple
getgroups and setgroups call? I'd appreciate a better explanation of
how PAGs can be used for this purpose.
If you do pass tokens off to other processes, please don't forget to
destroy them when you are done.
-Wallace