PAG stands for Process Authentication Group, and basically consists of a kernel memory location containing your tokens. The login process can be configured to give each login to a machine a distinct PAG.
Logins that are not given a distinct PAG of their own will share a common uid-referenced pseudo-PAG. It is possible for logins sharing this PAG to stomp on one anothers tokens.
It is possible to get a new PAG by using the newpag or pagsh commands. These are frequently used by system administrators who need to manage multiple sets of tokens (in the same manner as using ticket swapping aliases for managing multiple sets of Kerberos tickets).
| previous | index | next |