the fake kaserver code doesn't call VIOCUNLOG to invalidate the tokens when
closing the connection. The risks for this actually making any difference
increases with my patch in bug #2151 that longens the token lifetimes.
Created attachment 940 [details]
adds afs_unlog() to afs.c and calls it from close_cnum()
Volker, I would like to see this patch commited, if you think its
the wrong place to do it, please propose a better place.
Having token hanging around it the kernel until the
gc hits is not a good idea.
I'm not entirely certain this is the right place to do it. In fact, I'm not sure
that the afs_login is correctly placed in the tconX call. The AFS token is a
user-based credential, and this would be better placed inside the session setup
that does the user authentication. Then the unlog should be in the smbunlog
call, but only if this is the last user session with this user id. A client
could issue several session setups for the same user, we would need to refcount
That's the reason why I did not apply that patch yet.