On Fri, Mar 31, 2006 at 06:17:53PM -0500, Jeffrey Hutzelman wrote:
> On Friday, March 31, 2006 04:20:48 PM -0600 Nicolas Williams
> <[EMAIL PROTECTED]> wrote:
> >What other kernel-land applications can you think of or imagine that
> >fundamentally needs direct multi-application PAG support in the kernel
> >and can't upcall?
>
> - Encrypted (local) filesystems

Orthogonal to PAGs. The kernel needs to know keys for encrypting
objects/filesystems, but access controls are as normal (ACLs, mode
bits). We're planning on per-filesystem (think ZFS) keys, too, so
there's no per-"session" keys to worry about.

> - Kernel-mode ticket caches

Circular logic.

> - iscsi?

User credentials are not needed for iSCSI, typically, and iSCSI can
upcall like everybody else.

> Maybe PAG-based authorization for things like X server or ssh agent
> connections. In reality, I bet those can be handled in user mode, though
> an application like that would require some trusted entity for allocating
> ID's which are unique across the system.

Authorization by PAG requires making changes to lots of things in the
kernel (e.g., two procs w/ equal cred_t's but for different PAGs should
not be allowed to trace each other w/o special privilege).

Keep it simple.

Nico
--
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
