From: David Howells
Subject: Re: [RFC] New authentication management syscalls
Date: Fri, 09 May 2003 21:06:46 +0100
Sender: linux-kernel-owner@vger.kernel.org
Message-ID: <2973.1052510806@warthog.warthog>
References: <20030509113916.A29208@figure1.int.wirex.com>
In-Reply-To: <20030509113916.A29208@figure1.int.wirex.com>
To: Chris Wright
Cc: David Howells, Christoph Hellwig, David Howells, Trond Myklebust, arjanv@redhat.com, viro@parcelfarce.linux.theplanet.co.uk, drepper@redhat.com, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

> > I think this might be a better idea than the name of a mountpoint as it
> > would then be possible to set the tokens prior to mounting, maybe so that
> > you _can_ mount.
> >
> > I'm thinking a bit of samba here, where authentication information needs
> > to be passed upon mounting (workstation/domain, username, password).
>
> How does this map up with Viro's idea of a two stage mount. IIRC, it
> was something akin to:
>
> fsfd = open(/dev/fs_type/ext2)
> write(fd, "device and options, potentially including auth...");
> mntfd = open("mntpt");
> newmount(fd, mntfd, MNT_ATTACH);
>
> or something like that. Wouldn't that give you a free form ability to
> talk to the fs driver and authenticate as needed? Is this plan still
> alive?

Then you end up with a copy of the token for every mountpoint, which may not be
what you want.

With my AFS client for instance, you want at most one token per cell per PAG.
Each cell contains potentially lots of volumes, and each volume is mounted as a
separate mount.

OTOH, with OpenAFS, you get one mount for everything and everyone, and that
contains all cells and all volumes, and so will almost certainly have the
tokens uploaded post-mount.

David
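The token-scope point in the reply above, as an added example that is not part of the original message and is not kernel or AFS client code: a constructed user-space model in which tokens are keyed by (PAG, cell) and mounts carry no credential of their own, so many volume mounts share one token that can be set before any mount exists. The names `token_set`, `token_find` and `mount_secret`, the PAG ids, and the cell, volume and token values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_TOKENS 8

/* Constructed model: at most one token per (PAG, cell), independent of mounts. */
struct token { int in_use; unsigned pag; char cell[32]; char secret[32]; };
struct mount { const char *cell; const char *volume; };  /* one mount per volume */
static struct token table[MAX_TOKENS];

/* Find the single token for (pag, cell), or NULL if that PAG holds none. */
struct token *token_find(unsigned pag, const char *cell)
{
    for (int i = 0; i < MAX_TOKENS; i++)
        if (table[i].in_use && table[i].pag == pag &&
            strcmp(table[i].cell, cell) == 0)
            return &table[i];
    return NULL;
}

/* Install or replace the token; no mount has to exist. 0 on success, -1 if full. */
int token_set(unsigned pag, const char *cell, const char *secret)
{
    struct token *t = token_find(pag, cell);
    for (int i = 0; !t && i < MAX_TOKENS; i++)
        if (!table[i].in_use)
            t = &table[i];
    if (!t) return -1;
    t->in_use = 1;
    t->pag = pag;
    snprintf(t->cell, sizeof t->cell, "%s", cell);
    snprintf(t->secret, sizeof t->secret, "%s", secret);
    return 0;
}

/* A mount keeps no credential copy; it resolves through its cell and the caller's PAG. */
const char *mount_secret(unsigned pag, const struct mount *m)
{
    struct token *t = token_find(pag, m->cell);
    return t ? t->secret : NULL;
}

int main(void)
{
    /* Constructed sample data: two volumes of one cell, each a separate mount. */
    struct mount vols[] = {{"cell-a.example", "root.cell"}, {"cell-a.example", "user.alice"}};
    token_set(100, "cell-a.example", "tok-v1");   /* set before any mount is used */
    for (size_t i = 0; i < sizeof vols / sizeof vols[0]; i++)
        printf("%s -> %s\n", vols[i].volume, mount_secret(100, &vols[i]));
    return 0;
}
```

Replacing the token with a second `token_set` call for the same PAG and cell changes what every mount of that cell resolves to, which is the property a per-mountpoint copy would not give.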