From: David Howells <dhowells@redhat.com>
To: Linus Torvalds <torvalds@osdl.org>
Cc: James Morris <jmorris@redhat.com>,
akpm@osdl.org, linux-kernel@vger.kernel.org, arjanv@redhat.com,
dwmw2@infradead.org, greg@kroah.com,
Chris Wright <chrisw@osdl.org>,
sfrench@samba.org, mike@halcrow.us,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Kyle Moffett <mrmacman_g4@mac.com>
Subject: Re: [PATCH] implement in-kernel keys & keyring management
Date: Mon, 09 Aug 2004 11:16:04 +0100 [thread overview]
Message-ID: <20950.1092046564@redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.58.0408082114230.1832@ppc970.osdl.org>
Linus Torvalds <torvalds@osdl.org> wrote:
> So the "I don't have a key" case is more of an issue where somebody tries
> to mount an encrypted filesystem, and the filesystem says "you don't have
> a key".
Or in a network filesystem, such as AFS, CIFS or SMB where the key holds the
user identity mapping - perhaps a Kerberos ticket.
What I envision for AFS is that there'll be a TGT somewhere on the system,
perhaps in another key, and request-key will invoke a request to the kerberos
server to get an AFS ticket based on that TGT.
> It's not a thing like "you tried to open a file" that happens thousands of
> times a second - that one would get an EACCES if you don't have a key.
Well, each open call would incur a key search, but I've half taken care of the
problem. Adding the concept of a limited-duration negative key would, I think,
take care of the rest.
> It would be more like "the mount binary needs a key to mount this volume,
> so let's request that key first".
>
> David, have you actually coded up something that uses the user callback,
> maybe you can describe a realistic schenario...
Well:
keyctl request <type> <description> <keyring>
Can be used to drive it at the moment, so that I can check that it works.
The scenario I'm mainly interested in involves kAFS/OpenAFS with Kerberos or
other authentication (see above). But I talked to a number of people at OLS
who also expressed an interest.
I need to work on my kAFS client at some point soon to get that to use it, but
that'll be a couple of weeks at least, I think.
> But at least to me, the /sbin/request-key thing is more like loading a
> module. You might do it to mount a filesystem or read an encrypted volume,
> but you wouldn't do it in the "normal" workload. It's a major event.
With AFS + Krb, you currently make the key available in advance (using the
aklog program) and any request for which you don't have a key fails with some
error or other.
You can't really do it at mount time in this case because you may have more
than one user on the system, and all of them may need to share the same
mountpoints (some people put /usr/ on AFS, for example).
David
next prev parent reply other threads:[~2004-08-09 10:18 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-07 0:31 [PATCH] implement in-kernel keys & keyring management David Howells
2004-08-07 8:17 ` Andrew Morton
2004-08-08 2:52 ` Greg KH
2004-08-09 9:23 ` David Howells
2004-08-09 20:27 ` Greg KH
2004-08-07 8:59 ` Trond Myklebust
2004-08-07 16:33 ` [PATCH] implement in-kernel keys & keyring management [try #2] David Howells
2004-08-08 4:45 ` James Morris
2004-08-09 9:33 ` David Howells
2004-08-09 14:08 ` James Morris
2004-08-09 14:35 ` David Howells
2004-08-09 15:47 ` James Morris
2004-08-10 18:49 ` David Howells
2004-08-07 17:45 ` [PATCH] implement in-kernel keys & keyring management David Howells
2004-08-07 17:48 ` [PATCH] implement in-kernel keys & keyring management [try #3] David Howells
2004-08-08 5:14 ` [PATCH] implement in-kernel keys & keyring management James Morris
2004-08-08 5:25 ` Linus Torvalds
2004-08-09 1:14 ` James Morris
2004-08-09 4:27 ` Linus Torvalds
2004-08-09 6:32 ` bert hubert
2004-08-09 14:51 ` Alan Cox
2004-08-09 10:01 ` David Howells
2004-08-09 10:16 ` David Howells [this message]
2004-08-09 9:40 ` David Howells
2004-08-09 9:45 ` David Howells
2004-08-09 15:24 ` [PATCH] implement in-kernel keys & keyring management [try #4] David Howells
2004-08-09 21:13 ` Kyle Moffett
2004-08-10 17:59 ` [PATCH] implement in-kernel keys & keyring management [try #5] David Howells
2004-08-11 6:37 ` Chris Wright
2004-08-11 9:46 ` David Howells
2004-08-11 12:34 ` [PATCH] implement in-kernel keys & keyring management [try #6] David Howells
2004-08-11 19:10 ` [PATCH] keys & keyring management: key filesystem David Howells
[not found] <200410191615.i9JGF8IW002712@hera.kernel.org>
2004-10-20 12:52 ` [PATCH] implement in-kernel keys & keyring management Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20950.1092046564@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@osdl.org \
--cc=arjanv@redhat.com \
--cc=chrisw@osdl.org \
--cc=dwmw2@infradead.org \
--cc=greg@kroah.com \
--cc=jmorris@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mike@halcrow.us \
--cc=mrmacman_g4@mac.com \
--cc=sfrench@samba.org \
--cc=torvalds@osdl.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).