On Mon, 3 Feb 2014, Benjamin Kaduk wrote:
To fulfill the last point, we could potentially use a separate field in file server tokens to store the CM identity (and ~require different data structures for dbserver and fileserver tokens), but my proposal keeps a single identities list and uniform token data structure, calling out the last identity in the list as the cache manager identity. To account for the case when the token1 argument to AFSCombineTokens is empty, I create a new kind of PrAuthName (PRAUTHTYPE_EMPTY) to use as a placeholder. Since extended callbacks require a CM identity, it's easy to check what's where.
It seems that I have been thinking about this some more, and the thinking has been finding reasons to use a separate field for the CM identity. I wrote "~require" above, since I had originally thought it was a strict requirement but noted as I was writing the email that we could just leave a field unused in non-fileserver tokens (much as the appdata field of the authenticator is only presently used for the UUID of a cache manager); the extra word to indicate a zero-length array is actually smaller in the encoded blob than the three words that would be needed for PRAUTHTYPE_EMPTY and two length zeros (for the data and display parts). The real "killer feature", though, is that a combined token could be used as the CM identity. Thus, a two-user machine without a keytab could have the CM take two user tokens, combine them with regular CombineTokens, and use the result as its CM identity. The resulting key would not be determinable without collusion between both users, so no one user can corrupt the cache for the other. (This does make keeping a non-expired CM token around a bit harder, but if we allow the fileserver to maintain a handful of the (UUID, identity, key) triples, the transitions should not be too bad.)
If there are no flaws in that reasoning, I can write it up as an -05. -Ben _______________________________________________ AFS3-standardization mailing list [email protected] http://lists.openafs.org/mailman/listinfo/afs3-standardization
