On Tue, Dec 26, 2000 at 03:33:53PM -0800, Bill Paul wrote:
> I'm responsible for implementing this feature. 

Thanks for that! 

> Using the SCM_CREDS 'hack' was
> a) expedient, as it only involved a minor change to the kernel and
> b) it seemed to agree with the way RPC worked, i.e. each RPC needs
> the credential info for authentication.

> Anyway, imagine my surprise when, after going to all the trouble of
> thinking up the SCM_CREDS hack, making it work, and then patting myself
> on the back for being clever, I opened up my brand new copy of _UNIX
> Network Programming, 2nd Edition, Vol I_ and found that some fool at
> BSDi had come up with the idea first. :) NetBSD uses the BSD/OS approach
> rather than the FreeBSD approach. In theory, you could have both. I
> still say the per-message credential mechanism works better with RPC,
> but I'm just a crotchety old fart anyway.

With regards to `the per-message credential mechanism works better with
RPC':  in fact, the way Solaris handles this (now?) is a per-message
credential mechanism.  Local RPC is implemented on top of doors (see
UNPv2 chapter 15) rather than sockets.  A doors procedure can use
door_cred() to get client credentials each time it is invoked (i.e. per
message).

Switching gears back to the BSD/OS approach you mentioned, UNPv1 says,

    On a datagram socket, the credentials accompany every datagram.  On
    a stream socket, the credentials are sent only once, the first time
    data is sent.

So as long as one is using a SOCK_DGRAM socket, the BSD/OS-NetBSD
approach should be analogous to what we have currently in FreeBSD?
-- 
Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]

