(Illustration by Gaich Muramatsu)
On Tue, Mar 20, 2007 at 11:35:11PM +0100, u+codalist-p4pg_at_chalmers.se wrote: > Coming back to the topic - the inconveniences while disconnected do not > in fact have any good reason. > > In my eyes, even expiring tokens in general should not prevent users > from accessing the cached objects, nor modifications. > That should of course work the same with fully available network (security > may not depend on connectivity). I'd like to notice when my modifications > cease to propagate, but that's all. I may choose to authenticate a week later > and until then behave like in disconnected mode, why not? Actually as of 6.9.0 this may just be possible, we refuse to reintegrate without tokens, but we could still access cached object based on rights we had before the token expired. Any uncached objects fetched during this period would get system:anyuser rights. We already invalidate all cached rights when we obtain a new token. The only problem is that currently rights are reinstated when validateattrs reports that an object has not changed on the server, which is actually really bad if the user had an administrator token and switched to a normal user identity. I think the only other way to recache rights is to actually access every file individually. Maybe hoarding could do it, but I think that relies on the same validateattr promotion of old rights. I'm thinking of 'softening' the demotion after reconnection so that it only marks object as needing revalidation but leave the rights alone. Also keep cached rights demotion when a server rejects our token, Greg's argument is correct, if we already had an object cached we could just as well have copied it to the local disk, or search for it in the cache directory. These changes should make reconnections and token expiry a lot more liveable. Then there still is the issue of PromoteAcRights, which I still find highly suspect, but it may be needed because I don't really see any other way in which we currently (efficiently) reestablish our cached access rights. Maybe clog and cunlog need a more agressive method to clear out cached rights so that they will not be reestablished by PromoteAcRights. JanReceived on 2007-03-23 23:02:20