From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: Garance A Drosihn <drosih@rpi.edu>,
Jan Harkes <jaharkes@cs.cmu.edu>,
David Howells <dhowells@redhat.com>,
<linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
<openafs-devel@openafs.org>
Subject: Re: [OpenAFS-devel] Re: [PATCH] PAG support, try #2
Date: 15 May 2003 03:34:25 +0200 [thread overview]
Message-ID: <shshe7xt2la.fsf@charged.uio.no> (raw)
In-Reply-To: <Pine.LNX.4.44.0305141749490.28007-100000@home.transmeta.com>
>>>>> " " == Linus Torvalds <torvalds@transmeta.com> writes:
> I'm interested in a much more generic issue of "user
> credentials", and here a PAG can be _one_ credential that a
> user holds on to. But to be useful, a user has to be able to
> have multiple such credentials. While one might be his "AFS
> userid", another will be his NFS mount credentials, and a third
> one will be his key to decrypt his home directory on that
> machine.
The interesting thing about a PAG is that it is a handle that is
shared between userland and the kernel, and carries information about
which collection of authentication tokens/credentials a process holds.
RPCSEC can be made to use it to communicate which bag of creds the
userland daemon may use when it attempts to negotiate a new security
context for an NFS user. At the moment all we can tell is 'use the
credentials of uid=zyx' which is no good if the user wants 2
subprocesses to authenticate using different remote kerberos accounts,
say.
Cheers,
Trond
next prev parent reply other threads:[~2003-05-15 1:21 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-14 10:43 [PATCH] PAG support, try #2 David Howells
2003-05-14 10:56 ` Christoph Hellwig
2003-05-14 11:56 ` David Howells
2003-05-14 12:35 ` Christoph Hellwig
2003-05-14 12:45 ` William Lee Irwin III
2003-05-14 12:57 ` Jeff Garzik
2003-05-14 11:49 ` Matthew Wilcox
2003-05-14 12:03 ` David Howells
2003-05-14 16:49 ` Linus Torvalds
2003-05-14 17:37 ` David Howells
2003-05-15 11:18 ` Ingo Oeser
2003-05-18 14:51 ` Trond Myklebust
2003-05-14 19:28 ` H. Peter Anvin
2003-05-14 16:58 ` Jan Harkes
2003-05-14 17:11 ` Jan Harkes
2003-05-14 20:45 ` [OpenAFS-devel] " Harald Barth
2003-05-15 0:14 ` Garance A Drosihn
2003-05-15 0:14 ` Garance A Drosihn
2003-05-15 0:57 ` [OpenAFS-devel] " Linus Torvalds
2003-05-15 1:34 ` Trond Myklebust [this message]
2003-05-15 2:30 ` Linus Torvalds
2003-05-15 14:04 ` Dean Anderson
2003-05-15 16:20 ` Linus Torvalds
2003-05-15 16:41 ` David Howells
2003-05-15 17:23 ` Linus Torvalds
2003-05-16 12:12 ` David Howells
2003-05-15 23:00 ` Garance A Drosihn
2003-05-15 23:00 ` Garance A Drosihn
2003-05-15 23:21 ` QM_MODULES Function not implemented John Shillinglaw
2003-05-16 0:53 ` [OpenAFS-devel] Re: [PATCH] PAG support, try #2 Nathan Neulinger
2003-05-15 4:26 ` Russ Allbery
2003-05-15 4:26 ` Russ Allbery
2003-05-15 4:59 ` [OpenAFS-devel] " Linus Torvalds
2003-05-15 15:34 ` Booker Bense
2003-05-15 15:34 ` Booker Bense
2003-05-15 6:04 ` Riley Williams
2003-05-15 13:26 ` [OpenAFS-devel] " Garance A Drosihn
2003-05-15 13:26 ` Garance A Drosihn
2003-05-15 13:12 ` [OpenAFS-devel] " Garance A Drosihn
2003-05-15 13:12 ` Garance A Drosihn
2003-05-15 15:55 ` [OpenAFS-devel] " Douglas E. Engert
2003-05-15 15:55 ` Douglas E. Engert
2003-05-15 13:35 ` [OpenAFS-devel] " David Howells
2003-05-15 13:55 ` chas williams
[not found] <499763005@toto.iv>
2003-05-15 23:44 ` Peter Chubb
-- strict thread matches above, loose matches on Subject: below --
2003-05-16 18:05 Dr. Greg Wettstein
2003-05-16 18:28 ` Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=shshe7xt2la.fsf@charged.uio.no \
--to=trond.myklebust@fys.uio.no \
--cc=dhowells@redhat.com \
--cc=drosih@rpi.edu \
--cc=jaharkes@cs.cmu.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=openafs-devel@openafs.org \
--cc=torvalds@transmeta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.