From: David Howells <dhowells@warthog.cambridge.redhat.com>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: Dean Anderson <dean@av8.com>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Garance A Drosihn <drosih@rpi.edu>,
Jan Harkes <jaharkes@cs.cmu.edu>,
David Howells <dhowells@redhat.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [OpenAFS-devel] Re: [PATCH] PAG support, try #2
Date: Thu, 15 May 2003 17:41:01 +0100 [thread overview]
Message-ID: <7736.1053016861@warthog.warthog> (raw)
In-Reply-To: <Pine.LNX.4.44.0305150913130.1841-100000@home.transmeta.com>
> > Pardon me if I'm wrong, but doesn't the PAG already allow for multiple
> > credentials?
>
> Yes, but the patch did not allow for
>
> - partial sharing (keys are bound to _one_ PAG, and one PAG only)
>
> This makes "revoke" pretty much useless, since you have a damn hard
> time finding all the keys, since you have to copy them around instead
> of sharing one instance.
Okay, so separate PAG IDs and credentials. Have a separate credential cache
to which the PAG ID is but one of the keys, then share entries that have a
common (remote-user-ID,fsname,domain) key.
> It also makes grouping very hard.
Grouping is superfluous and not trivial at any time. Use ACLs.
> - the name space is so limited that you _have_ to consider the PAG ID's
> temporary, which means that you have to add a whole new layer of
> maintenance in user space.
PAG IDs _are_ ephemeral.
> Neither of these are apparently problems in the AFS world, because there
> is only one entity that gives out keys, so that one entity can keep track
> of every key ever allocated.
That's not exactly so (see next comment).
> But look at the big picture. What happens when you have multiple sources
> of keys that have nothing to do with each other.
Like AFS, you mean? Each AFS cell (or cell group) may contain an independent
kerberos server that dispenses keys that are nothing to do with the kerberos
tickets granted by another cell.
For instance, the openafs.org cell my grant me a ticket for accessing there,
but that wouldn't be any use for redhat.com or cambridge.redhat.com
cells. Whereas the redhat kerberos server might grant me a ticket that'd
permit me to access either redhat cell.
> How do you maintain sanity in that kind of world, when the numbers don't
> have any meaning, and one of the key maintainers doing a "join" operation
> will throw away all the work that the other key maintainers did.
Assuming there is a join operation. I think setpag() should go, leaving only
newpag().
> > Linus seems to be arguing for multiple PAGs, like multiple
> > GIDs. But I think that functionality is really there, inside the PAG.
>
> No it isn't. You can't do independent joins, since as it is, the code has
> an "all or nothing" approach.
Independent joins aren't necessarily good either. They add lots of complexity
and consume lots of kernel resources.
> Again, this works in a single-use environment, where there is central
> control. It _sucks_ if you want to have a generic "bunch of keys" model.
I've tried to make my PAG patch support a multi-use environment.
David
next prev parent reply other threads:[~2003-05-15 16:28 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-14 10:43 [PATCH] PAG support, try #2 David Howells
2003-05-14 10:56 ` Christoph Hellwig
2003-05-14 11:56 ` David Howells
2003-05-14 12:35 ` Christoph Hellwig
2003-05-14 12:45 ` William Lee Irwin III
2003-05-14 12:57 ` Jeff Garzik
2003-05-14 11:49 ` Matthew Wilcox
2003-05-14 12:03 ` David Howells
2003-05-14 16:49 ` Linus Torvalds
2003-05-14 17:37 ` David Howells
2003-05-15 11:18 ` Ingo Oeser
2003-05-18 14:51 ` Trond Myklebust
2003-05-14 19:28 ` H. Peter Anvin
2003-05-14 16:58 ` Jan Harkes
2003-05-14 17:11 ` Jan Harkes
2003-05-14 20:45 ` [OpenAFS-devel] " Harald Barth
2003-05-15 0:14 ` Garance A Drosihn
2003-05-15 0:57 ` Linus Torvalds
2003-05-15 1:34 ` Trond Myklebust
2003-05-15 2:30 ` Linus Torvalds
2003-05-15 14:04 ` Dean Anderson
2003-05-15 16:20 ` Linus Torvalds
2003-05-15 16:41 ` David Howells [this message]
2003-05-15 17:23 ` Linus Torvalds
2003-05-16 12:12 ` David Howells
2003-05-15 23:00 ` Garance A Drosihn
2003-05-15 23:21 ` QM_MODULES Function not implemented John Shillinglaw
2003-05-16 0:53 ` [OpenAFS-devel] Re: [PATCH] PAG support, try #2 Nathan Neulinger
2003-05-15 4:26 ` Russ Allbery
2003-05-15 4:59 ` Linus Torvalds
2003-05-15 15:34 ` Booker Bense
2003-05-15 13:12 ` Garance A Drosihn
2003-05-15 15:55 ` Douglas E. Engert
2003-05-15 13:35 ` David Howells
2003-05-15 13:55 ` chas williams
[not found] <BKEGKPICNAKILKJKMHCAKEDODAAA.Riley@Williams.Name>
2003-05-15 13:26 ` Garance A Drosihn
[not found] <499763005@toto.iv>
2003-05-15 23:44 ` Peter Chubb
-- strict thread matches above, loose matches on Subject: below --
2003-05-16 18:05 Dr. Greg Wettstein
2003-05-16 18:28 ` Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7736.1053016861@warthog.warthog \
--to=dhowells@warthog.cambridge.redhat.com \
--cc=dean@av8.com \
--cc=dhowells@redhat.com \
--cc=drosih@rpi.edu \
--cc=jaharkes@cs.cmu.edu \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox