hacks to get 0.44pre going on netbsd-4

[Jonathan A. Kollasch]

On Sun, Sep 03, 2006 at 12:09:53AM +0200, Tomas Olsson wrote:
> Pavel Cahyna <pavel at netbsd.org> writes:
> > how can Arla work without PAGs? I was thinking that this is a key part.
> >
> >From the daemon's point of view a PAG is just a number identifying the set
> of AFS credentials to use for the request.  If the user hasn't set his PAG
> nnpfs defaults to the user's uid, so if there is no way to set your PAG you
> just have that one slot to work with.
> 
> For an ordinary user that shouldn't be too much of a limitation, they don't
> use pagsh anyway.  Personally I do feel a bit handicapped by it on my Mac.
> 

I'm not an ordinary user, I have a few instances of my principal I use for
different things. Also, if you have a daemon(s) that need AFS access, PAGs
become very useful.

> > could you please briefly explain how were PAGs implemented before kauth
> >
> We add magic numbers to the process' group list, it's very convenient in
> that it is inherited across fork() etc.  Perhaps not a very good way to use
> those fields though, and it involves some ugly tricks.
> 
> > and how does kauth break this?
> >
> I'll leave that one for the experts.

(I'm not an expert.)

Short answer, because it's more work.  Sorry, I'm rather lazy.

After some thought, it seems that it would be sort of easy to get PAGs
working again under kauth, it's just that we have to use kauth_cred_t
rather than struct ucred.  Again, I'm not an expert, but, it seems to
me that it might be a bit awkward supporting kauth, pre-kauth, and
non-kauth kernels in the same source files.

	Jonathan A. Kollasch

P.S.
I'd like to apologize for my previous slams of kauth, they
were mostly just a vent of my frustration with change.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.stacken.kth.se/pipermail/arla-drinkers/attachments/20060904/ebc5523d/attachment.bin