[597] in Info-AFS_Redistribution
Re: Patches for XDM for AFS authentication
daemon@ATHENA.MIT.EDU (Scanner)
Tue Feb 11 19:00:31 1992
To: "Todd Inglett" <tinglett@rchland.vnet.ibm.com>
Cc: info-afs@transarc.com
In-Reply-To: Your message of "Tue, 11 Feb 92 14:28:08 CST."
Date: Tue, 11 Feb 92 17:14:34 EST
From: Scanner <lucee@rpi.edu>
> I have seen this problem, too, but far less frequently than you have
> observed. We have been running a modified x11r4 xdm for several months
> now. I noticed that root sometimes got the tokens. So I modified the
> code to setuid to the user, authenticate, and setuid back to root. The
> code later switches back to the user. Maybe this didn't change anything
> at all. If your limit theory is true, my code would appear to work
> simply because I restarted xdm.
I have one rs/6000 serving a single Xstation which is not used very
frequently, and that xdm continues to work after four weeks.. (where
as the one that fails most frequently has five Xstations, one of which
is somewhat public and gets a lot of use)
Your behaviour matches ours here.. the AFS authentication works, but
the PAG creation does not work, and since the authentication happens
as root and you're not in a pag, root ends up with your tokens
associated with its uid.
Yes, I'm considering doing a hack of setuid()'ing to the user's uid,
then doing the call, and going back. I should probably do that
anyways just be safe.. but we really, really want to be running in a
PAG for the various usual reasons, so although this fix would work for
most of the cases, it still does not solve the problem.
I know that there are some limits on PAG creation but I'm not at all
sure what they all are.
We also now have AFS source, so I'm about to embark on a search
through that for answers, but that's not my preferred route at this
time.
> I'm on an RS/6000 running AFS 3.1b.
Same here.. saw the problem with 3.1a also on RS/6000's.
--Scanner (scanner@rpi.edu)