Ticket #415 (new enhancement)
Write authenticator daemon to conspire with PyHesiodFS to get tokens
| Reported by: | broder | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | The Distant Future |
| Component: | -- | Keywords: | |
| Cc: | Fixed in version: | ||
| Upstream bug: |
Description
One of the few things we still need an attach command for is acquiring tokens.
So we should eliminate that need.
We could write a daemon that starts in each PAG/session, and registers itself with PyHesiodFS as the authenticator for all processes in the PID tree under PID n. Then whenever a process accesses a mountpoint in PyHesiodFS, it could grab the PID in fuse.FuseGetContext() and walk up the process tree until it finds a PID it knows an authenticator for.
It could then somehow (DBus? something else?) send a signal to the authenticator, which would acquire tokens for the correct cell if it didn't have them already.
This could also somehow deal with zephyr subscriptions as well, thus completely eliminating the need for attach to be a slightly clever combination of stat() and symlink()
This is a questionable idea, because it basically turns the target into rpc.gssd, which is Wrong.