Re: In-kernel Authentication Tokens (PAGs)

From: Andy Lutomirski
Date: Sat Jun 12 2004 - 00:39:54 EST


Kyle Moffett wrote:

> On Jun 11, 2004, at 23:13, Andy Lutomirski wrote:
>
>> I like the idea of having some kernel support for tokens.
>>
>> But why PAGs? I imagine tokens as being independent objects without
>> any hierarchy. A token group is a set of tokens. The operations on tokens
>> are:
>
> [...snip...]
>
>> If you really need a hierarchy, then you could allow token groups to contain
>> other token groups, with the rule that the whole thing must be acyclic.
>
> I think my vocabulary here is confusing, what you refer to as a token group, I refer to as a PAG. The idea for the hierarchy is that it is frequently desirable to start a sub-shell with a temporarily different set of tokens, or to mask out only a certain token without modifying the rest.

Right. But I think it would be desirable to do other things -- for example, a program might want to forward one token over to a daemon to do some work. It doesn't make much sense here to have a hierarchical structure.

BTW, does AFS even have this hierarchy, or does pagsh just create a copy? I can't find any manpage for it...


--Andy