Solaris ssh pam_krb
Nicolas Williams
Nicolas.Williams at sun.com
Fri Mar 31 16:52:42 EST 2006
On Fri, Mar 31, 2006 at 03:41:13PM -0600, Douglas E. Engert wrote:
> While you are thinking about PAGs, how do you handle Solaris zones
> with PAGs?
The simple kernel PAG approach is orthogonal to zones: your pag_t's will
be unique to the whole system, zones or not. The filesystem namespace,
and, therefore, the IPC end-points of the user-land daemon(s) tracking
PAG associations are already virtualized, therefore the existing zone
infrastructure is sufficient (provided we don't do stupid things) to
separate per-zone uses of PAGs.
> AIX and HPUX had a PAG field in the creds to be used with DFS.
Yup. That's what I'd do, except that it wouldn't be a 64-bit unsigned
integer -- it'd be a pointer to a structure that contains the pag_t
number, a reference count, and, perhaps, zero-reference event
notification subscriber information.
Nico
--
More information about the Kerberos
mailing list