On Aug 24, 2005, at 13:08:23, Kevin Coffman wrote:
On Wed, 24 Aug 2005, Kevin Coffman wrote:
It would be nice to have some discussion about how OpenAFS plans to use the keyring.
As long as the discussion is clear from the start that we are looking for a session semantic, one where key access is not tied to a uid, but instead that the key can (and is) shared across uids if those uids are in the same session, and that a single uid may be in more than one disjoint session.
Yes, we want the same semantics as AFS/DFS for NFSv4 as well.
I think the keyring code supplies enough rope to accomplish this.
Theoretically, the keyring code is extensible enough (and with enough different available inheritance semantics) that it could even be used to implement fs-uid for local filesystems: My processes (uid "kyle") could theoretically have fs-id keys for 0:0 on that local filesystem. suid/sgid gets a bit tricky there, but it should be possible to work out a sane semantic. You could even probably do linux capabilities as a key, except that currently the key code relies on capabilities to do some admin-level permission checking.
Cheers,
Kyle Moffett
--
Premature optimization is the root of all evil in programming
-- C.A.R. Hoare
_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel