[OpenAFS-devel] kuserok() checking UID ownership on afs
Nicolas Williams
Nicolas.Williams@Sun.COM
Thu, 17 Feb 2005 14:29:38 -0600
On Thu, Feb 17, 2005 at 01:41:52PM -0600, Troy Benjegerdes wrote:
> The hypothetical daemon I'm thinking of would communicate with the
> kernel AFS components.. the kernel FS layer would map remote cell AFS
> IDs to something that does not conflict with any local UIDs, and then
> the mapping daemon could provide useful names to userspace via nsswitch
> services.
See:
http://mirrors.isc.org/pub/www.watersprings.org/pub/id/draft-williams-nfsv4-ace-mapping-01.txt
Ignore the mapping RPC protocol. The algorithm therein can be
implemented locally, if you don't mind different UID/GID namespaces
per-system, or at the directory, if you want a consistent UID/GID
namespace within a domain.
Some details are missing in there that have since been worked out,
particularly around foreign group membership.
Cheers,
Nico
--