Coda File System

Re: Coda Progress

From: Peter J. Braam <braam_at_cs.cmu.edu>
Date: Thu, 4 Dec 1997 12:53:31 -0500 (EST)
Indeed: our "clog" program gets a token (a la Kerberos but not strongly
encrypted at the moment).  It then hands this token to Venus.

Venus drops all connections to the servers and replaces them with
authenticated ones at that moment. At this moment a user has "credentials"
and Coda compares ACL entries using these.

The kernel caches lookups and these lookups are matched by the name to
lookup _as_ well _as_ the credentials of the process performing the
lookup.

When tokens expire (25 hours later) or when users type "cunlog" Venus again
changes connections to the server.  It also makes a downcall to the kernel
instructing it to flush anything held under the old credentials.

I hope this is what you would like to hear...

- Peter -


On Thu, 4 Dec 1997, Love Hörnquist-Åstrand wrote:

> > We use UDP.  Our RPC transmission routines take a pointer to an encryption
> > function (currently xor with a string).  On authenticated connections they 
> > can encrypt nothing, headers only and whole packets.
> 
> Does there exist any smart way to keep track of tokens/credentials,
> i.e. send them to venus(?) and destroy them, does rpc2 simply support
> different auth methods? Does a "unlog" propagate from the userland
> client to the kernel & cache ?
> 
> Sorry for asking questions and not reading src.
> 
> Love
> 
> 
Received on 1997-12-04 13:03:47
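
The credential-keyed kernel lookup cache and the flush downcall described in the message above, as an added example that is not part of the original thread or Coda's source. The table layout and the names `nc_enter`, `nc_lookup` and `nc_purge_cred` are assumptions, and a credential is reduced to an integer id.

```c
#include <string.h>

/* Hypothetical model of a name cache keyed by (name, credential). */
#define NC_SLOTS   8
#define NC_NAMELEN 32

struct nc_entry {
    int      used;
    char     name[NC_NAMELEN];
    unsigned cred;   /* identity the lookup was authorised under */
    int      inode;  /* cached lookup result */
};

static struct nc_entry cache[NC_SLOTS];

/* Cache a result; returns 0, or -1 if the name is too long or the table is full. */
int nc_enter(const char *name, unsigned cred, int inode)
{
    if (strlen(name) >= NC_NAMELEN)
        return -1;
    for (int i = 0; i < NC_SLOTS; i++) {
        if (!cache[i].used) {
            cache[i].used = 1;
            strcpy(cache[i].name, name);   /* length checked above */
            cache[i].cred = cred;
            cache[i].inode = inode;
            return 0;
        }
    }
    return -1;
}

/* Hit only when name AND credential match; -1 is a miss (ask the cache manager). */
int nc_lookup(const char *name, unsigned cred)
{
    for (int i = 0; i < NC_SLOTS; i++)
        if (cache[i].used && cache[i].cred == cred &&
            strcmp(cache[i].name, name) == 0)
            return cache[i].inode;
    return -1;
}

/* Flush downcall: drop every entry held under cred; returns how many were purged. */
int nc_purge_cred(unsigned cred)
{
    int purged = 0;
    for (int i = 0; i < NC_SLOTS; i++)
        if (cache[i].used && cache[i].cred == cred) {
            memset(&cache[i], 0, sizeof cache[i]);
            purged++;
        }
    return purged;
}
```

Because the credential is part of the key, a lookup authorised for one user is never served to another, and purging by credential on token expiry or logout removes authorisations that no longer hold.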