proposed PAG handling changes for Arla
Chris Wing
wingc at engin.umich.edu
Tue Jul 20 19:03:37 CEST 1999
Nathan:
> In fact, we make use of this behavior in AFS to clean out the tokens out of
> the kernel when users are gone and have no processes, even though their
> token hasn't expired.
I believe Arla's 'fs' command has a PAG garbage collection option which
does this automatically. In Arla, it's less of an issue since the tokens
are stored in user space, not kernel space. (arlad does all the real work)
> If we don't, things get really slow cause the token/pag structures get
> enormous.
I haven't tried Arla on a machine with hundreds of users yet, though...
> Besides, anyone with root is going to be able to attach to any users
> processes with any number of different tools, and if you're using kerberos,
> they are going to be able to just access the credentials cache directly.
More information about the Arla-drinkers
mailing list