On Tue, Jan 13, 2009 at 11:18:00PM +0000, Darren J Moffat wrote: > I'm a little concerned that the privileges part is very OpenSolaris > specific. Assuming it stays the way it is don't we need a file_flag_set > privilege as well or is that covered by NFSv4 attribute operations ?
I excluded that one because I didn't know what NFSv4 concept it maps well onto, if any. But yes, I even left a comment in the I-D about how we need reviewers with direct experience with fine-grained privileges on other operating systems. Still, that said, there aren't very many other ways to break down privilege in an NFSv4 context... > I might be able to be editor/co-author for this but I want to have > another more detailed read over it and refresh my memory on previous > versions of RPCSEC_GSS first. David Quigley has just volunteered to edit, and he's got a very strong interest in this I-D. So I think we'll be OK, but thanks! And do refresh your memory re: RPCSEC_GSS. To help you: version 1 is RFC2203, version 2 is draft-ietf-nfsv4-rpcsec-gss-v2-06.txt. Version 2 is very similar to version 1, but adds channel binding support. Version 3 is very different from version 1 and 2 in that it relies on the earlier versions to do all the hard work of establishing GSS-API security contexts and providing per-message security -- version 3 merely adds control messages for "binding" multiple RPCSEC_GSSv1/2 contexts together (compound auth) and assertions about process credentials (labels, privs, IDs). That should make v3 easy to implement. Thanks for the review! Nico --
