From: David Howells <dhowells@redhat.com>
To: torvalds@osdl.org, akpm@osdl.org
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
netdev@vger.kernel.org, dhowells@redhat.com
Subject: [PATCH 0/8] AFS: Add security support and fix bugs
Date: Wed, 11 Apr 2007 20:09:56 +0100 [thread overview]
Message-ID: <20070411190956.15499.55352.stgit@warthog.cambridge.redhat.com> (raw)
These patches build on the patchset labelled "AF_RXRPC socket family and AFS
rewrite". The patches are also available for http download.
Firstly, the patches fix a number of bugs in AF_RXRPC:
http://people.redhat.com/~dhowells/rxrpc/09-af_rxrpc-own-workqueues.diff
http://people.redhat.com/~dhowells/rxrpc/10-af_rxrpc-fixes.diff
Secondly, they fix some bugs in the AFS filesystem:
http://people.redhat.com/~dhowells/rxrpc/11-afs-callback-wq.diff
http://people.redhat.com/~dhowells/rxrpc/12-afs-vlocation.diff
http://people.redhat.com/~dhowells/rxrpc/13-afs-multimount.diff
And finally, they add security support to AFS:
http://people.redhat.com/~dhowells/rxrpc/14-afs-rxrpc-key.diff
http://people.redhat.com/~dhowells/rxrpc/15-afs-nameidata-key.diff
http://people.redhat.com/~dhowells/rxrpc/16-afs-security.diff
A security key is acquired by running the klog program:
http://people.redhat.com/~dhowells/rxrpc/klog.c
This is compiled by:
make klog CFLAGS="-Wall -g" LDLIBS="-lcrypto -lcrypt -lkrb4 -lkeyutils"
And then run by:
./klog
Note that at the moment this is a rough and ready test program that has the
username, realm, password and proposed key timeout compiled in. Note also that
it will only talk to the AFS kaserver.
If a security key is acquired, then all subsequent operations - including VL
lookups and mounts - performed with that session keyring will be authenticated
using that key. The key can be viewed like so:
[root@andromeda ~]# keyctl show
Session Keyring
-3 --alswrv 0 0 keyring: _ses.3268
2 --alswrv 0 0 \_ keyring: _uid.0
111416553 --als--v 0 0 \_ rxrpc: afs@CAMBRIDGE.REDHAT.COM
David
next reply other threads:[~2007-04-11 19:10 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-11 19:09 David Howells [this message]
2007-04-11 19:10 ` [PATCH 1/8] AF_RXRPC: Use own workqueues David Howells
2007-04-11 19:10 ` [PATCH 2/8] AF_RXRPC: Lower dead call timeout and fix available call counting on connections David Howells
2007-04-11 19:10 ` [PATCH 3/8] AFS: Fix callback aggregator work item deadlock David Howells
2007-04-11 19:10 ` [PATCH 4/8] AFS: Correctly alter relocation state after update and show state in /proc David Howells
2007-04-11 19:10 ` [PATCH 5/8] AFS: Handle multiple mounts of an AFS superblock correctly David Howells
2007-04-11 19:10 ` [PATCH 6/8] AFS: AF_RXRPC key changes David Howells
2007-04-11 19:10 ` [PATCH 7/8] AFS: Permit key to be cached in nameidata David Howells
2007-04-11 19:10 ` [PATCH 8/8] AFS: Add security support David Howells
2007-04-11 19:38 ` J. Bruce Fields
2007-04-11 20:10 ` David Howells
2007-04-11 20:17 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070411190956.15499.55352.stgit@warthog.cambridge.redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.