I pushed a few more changes to https://github.com/kaduk/openafs/commits/prot (log below).

In particular,
6204312 Prescribe leap of faith for RegisterAddrsAndKey
is a pretty substantive change, though we have talked about related issues a fair amount on this list. The idea is that (for departmental fileservers) the vldb must have a binding between fileserver UUID and some GSS identity, to authenticate VL_RegisterAddrs and friends. A GSS identity is needed because we want these RPCs to run over rxgk connections, which requires a token, and it's easiest to use the GSS negotiation service. We don't have to care what identity that is, and can use "leap of faith" to create a binding for future use (or use administrator intervention). However, to prevent denial of service, we cannot use VL_RegisterAddrsAndKey to upgrade an existing fileserver uuid using whatever GSS credentials are presented. (A superuser could still do so, though, and a fileserver with the cell-wide key can print tokens which are implicitly superuser tokens.) Hopefully the added text accurately conveys these ideas.

There are also a couple of changes to make clear the split between database+fileservers, which have special treatment for tokens, and other AFS services using rxgk, which operate as more standard rxgk services. We also suggest the afs3-bos@hostname type principal name.

Comments/review welcome.

-Ben


commit 63b2ace02681ec56b1cf5b42ad8a0f63256663bc
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 18:35:57 2013 -0500

    Inline VL_RegisterAddrs elements

    Do not attempt to incorporate by reference a reference which does
    not exist.

    Change-Id: I41d725a7ef27525be2002919d04980a45d89c289

commit 620431272eb1365f3eb9fd3dcf89cd6c8195176c
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 18:22:34 2013 -0500

    Prescribe leap of faith for RegisterAddrsAndKey

    Bind a GSSAPI identity to fileserver UUID, needed to authenticate
    future operations on that database entry.  Also suggest periodic
    rekeying per best practice on key lifetimes.

    Change-Id: Idec26ee2184fd458186fcbdc4783dbea7d29b4eb

commit 34ed8c60f64b7c81cd0654b27cb8ee63b7621384
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 16:54:59 2013 -0500

    Allow empty authenticator appdata opaque for bosserver

    We don't need a cache manager to talk to a bosserver (or potentially
    other non-db, non-fileservers) and may not have a stable UUID available.

    Change-Id: I28b62bf5f711066b8f43e2680d4abffa949b99cd

commit a1f731943b2522a84c1815f2f056c3f3398ce9c6
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 16:47:03 2013 -0500

    Mention non-database non-files AFS servers

    E.g., bosserver, which must run a negotiation service for the
    bootstrapping stage.

    Change-Id: I83bb749310bf030c1f342a31d1e0e0217e249946

Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 16:13:43 2013 -0500

    Tweak RXGK error code descriptions

    Do not restrict BAD{LEVEL,ETYPE} to the negotiation RPCs.

    Change-Id: I9b581d31d342907cb6fdfbf3902a1c49137d3283

commit db73249fa194cb05dccd2de9a8e97794592e9cc5
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 15:35:52 2013 -0500

    Talk about acceptor principal names for GSSNegotiate

    The client has to know the target principal's name; give it a
    suggestion for when it knows better.
    The server, however, should not specify a name, since that would
    be overly restrictive.

    Change-Id: I24481178aef93b40ae10097f9b76e3765431bbb0

commit e8d2457b4e2f33cee6bc684008edfdd250eb6275
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 13:11:22 2013 -0500

    Attempt to make the GSS negotiation loop correct

    Describing these things is always challenging.

    Change-Id: I15ac1d7c8962aac6cd853cbcc404c55df52a8a04

commit bc8ffaf692db07ee5d87e95d03f95015c32b37e8
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 12:35:40 2013 -0500

    RXGK challenges do not contain a version stamp

    Such a thing would be useless without discriminated unions, which
    we don't have yet.

    Change-Id: I5d06b3dd80a898701765f755fafa67ca97e1cd27

commit bab989047a2ab41b8f9825c4866355356fff8d8a
Author: Ben Kaduk <[email protected]>
Date:   Mon Mar 4 12:31:40 2013 -0500

    Mention maxcalls support

    Now that the explicit variable has gone, add a mention of how to
    use call_numbers<> to determine the maximum number of calls per
    connection supported by this client.

    Change-Id: I46955a6465d911f894d0ae38979c0b9bed5bc430

_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
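
The registration policy described in the message above (leap of faith for a new fileserver UUID, no takeover of an existing entry without superuser rights), sketched as an added example that is not part of the original message or of OpenAFS. The structures, return codes, function signature and sample names are hypothetical, and the sketch assumes that the identity already bound to an entry may register again for it.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of vldb fileserver entries; not OpenAFS data structures. */
enum { REG_OK, REG_DENIED, REG_FULL };
#define MAX_ENTRIES 8
struct fs_entry {
    char uuid[40];      /* fileserver UUID in text form */
    char gss_name[64];  /* bound GSS identity; "" marks an entry with no binding */
};
static struct fs_entry table[MAX_ENTRIES];
static int n_entries;

static struct fs_entry *lookup(const char *uuid) {
    for (int i = 0; i < n_entries; i++)
        if (strcmp(table[i].uuid, uuid) == 0) return &table[i];
    return NULL;
}
/* Create an entry; gss_name "" models an existing UUID that has no binding yet. */
static int add_entry(const char *uuid, const char *gss_name) {
    if (n_entries == MAX_ENTRIES) return REG_FULL;
    struct fs_entry *e = &table[n_entries++];
    snprintf(e->uuid, sizeof e->uuid, "%s", uuid);
    snprintf(e->gss_name, sizeof e->gss_name, "%s", gss_name);
    return REG_OK;
}
/* May a caller authenticated as gss_name set the key for uuid? */
int register_addrs_and_key(const char *uuid, const char *gss_name, int superuser) {
    /* Reject empty or over-long names so truncation can never forge a match. */
    if (!*gss_name || strlen(gss_name) >= sizeof table[0].gss_name ||
        !*uuid || strlen(uuid) >= sizeof table[0].uuid)
        return REG_DENIED;
    struct fs_entry *e = lookup(uuid);
    if (e == NULL)                      /* unknown UUID: leap of faith */
        return add_entry(uuid, gss_name);
    if (superuser) {                    /* administrator intervention may rebind */
        snprintf(e->gss_name, sizeof e->gss_name, "%s", gss_name);
        return REG_OK;
    }
    /* Existing entry: only the identity already bound to it may proceed.
     * An unbound entry matches no presented credential, so it cannot be claimed. */
    return strcmp(e->gss_name, gss_name) == 0 ? REG_OK : REG_DENIED;
}
int main(void) {
    add_entry("uuid-legacy", "");       /* constructed sample data */
    printf("%d\n", register_addrs_and_key("uuid-new", "fs1@EXAMPLE.ORG", 0));
    printf("%d\n", register_addrs_and_key("uuid-new", "other@EXAMPLE.ORG", 0));
    printf("%d\n", register_addrs_and_key("uuid-legacy", "other@EXAMPLE.ORG", 0));
    return 0;
}
```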
