Coda File System

Re: ACLs, PAGs and PACs

From: Andi Kleen <ak_at_muc.de>
Date: 10 Dec 1997 21:40:24 +0100
e96_lho_at_elixir.e.kth.se (Love Hörnquist-Åstrand) writes:

> Jim Doyle <jrd_at_bu.edu> writes:
> 
> > It was mentioned that RPC2 is already instrumented to use multiple
> > authentication protocols - Kerberos V4 being one that is apparently
> > already implemented.
> 
> From what I understand there is no "strong" cryptografy in the code right now,
> due to ITAR. Some day when I feel like I have nothing to do, that problem maybe
> get fixed. Don't hold you.....
> 
> > It is not unlikely to have AFS, DFS, Coda, Kerberized NFS and Windows SMBFS 
> > all running on the same box, each with different authentication credentials 
> > stored in kernel for each user, for each filesystem technology. So, eventually,
> > this will need to be solved.
> 
> s/NFS/NFS,RPC/ Yes, i do agree with you, the problem is that today these things
> does not exists, so do you really now what you need ? I dont want to buy a 
> foo.bar_at_FOO.BAR credentials for each service i and to use and push them into the
> kernel, at the same time i dont want Kerberos/whatever in the kernel. I just want
> to give it my krbtgt and be happy.

The problem exists already in the Linux kernel. smbfs (and probably ncpfs too)
have it. smbfs currently uses the 'specify user at mount time' hack, but that's
only a bad hack IMHO and not suitable for multiusre machines. I'm sure
the smbfs developers are interested in solving this problem too (I cc'd
Bill Hawes)

-Andi
> 
> Are you ready do nail down the interface today (and get shot tomorrow) ?
Received on 1997-12-10 16:02:51