[OpenAFS-devel] kuserok() checking UID ownership on afs

Nicolas Williams Nicolas.Williams@Sun.COM
Thu, 17 Feb 2005 14:29:38 -0600


On Thu, Feb 17, 2005 at 01:41:52PM -0600, Troy Benjegerdes wrote:
> The hypothetical daemon I'm thinking of would communicate with the
> kernel AFS components.. the kernel FS layer would map remote cell AFS
> IDs to something that does not conflict with any local UIDs, and then
> the mapping daemon could provide useful names to userspace via nsswitch
> services.

See:

http://mirrors.isc.org/pub/www.watersprings.org/pub/id/draft-williams-nfsv4-ace-mapping-01.txt

Ignore the mapping RPC protocol.  The algorithm therein can be
implemented locally, if you don't mind different UID/GID namespaces
per-system, or at the directory, if you want a consistent UID/GID
namespace within a domain.

Some details are missing in there that have since been worked out,
particularly around foreign group membership.

Cheers,

Nico
--
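
Added example (not from this thread, the referenced draft, or OpenAFS): one way a purely local mapping service could give each foreign (cell, AFS ID) pair a UID that cannot collide with a local account, with the reverse lookup an nsswitch backend would need. The reserved range, table layout, class name and the `afsN@cell` display format are assumptions made for illustration.

```python
import sqlite3

# Assumed reserved range for dynamically mapped foreign IDs (hypothetical).
EPHEMERAL_BASE = 2_000_000_000
EPHEMERAL_MAX = 2_147_483_646


class ForeignIdMap:
    """Map (cell, AFS ID) pairs to local UIDs that never overlap local accounts."""

    def __init__(self, local_uids, path=":memory:"):
        self.local_uids = set(local_uids)  # UIDs already used on this host
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS idmap ("
            "cell TEXT NOT NULL, afs_id INTEGER NOT NULL, "
            "uid INTEGER PRIMARY KEY, UNIQUE(cell, afs_id))")

    def to_local(self, cell, afs_id):
        """Return the stable local UID for a foreign identity, allocating once."""
        row = self.db.execute(
            "SELECT uid FROM idmap WHERE cell=? AND afs_id=?",
            (cell, afs_id)).fetchone()
        if row:
            return row[0]
        uid = self._next_free()
        self.db.execute("INSERT INTO idmap VALUES (?,?,?)", (cell, afs_id, uid))
        self.db.commit()
        return uid

    def _next_free(self):
        # Allocate monotonically so a UID is never reused for another identity.
        top = self.db.execute("SELECT MAX(uid) FROM idmap").fetchone()[0]
        uid = EPHEMERAL_BASE if top is None else top + 1
        while uid in self.local_uids:  # skip anything a local account owns
            uid += 1
        if uid > EPHEMERAL_MAX:
            raise OverflowError("ephemeral UID range exhausted")
        return uid

    def to_name(self, uid):
        """Reverse lookup for a name service: mapped UID -> displayable name."""
        row = self.db.execute(
            "SELECT cell, afs_id FROM idmap WHERE uid=?", (uid,)).fetchone()
        # Hypothetical display format; a real service would ask the remote cell.
        return None if row is None else f"afs{row[1]}@{row[0]}"
```

Because allocation order is local state, two hosts running this independently will generally hand the same foreign identity different UIDs, which is the per-system namespace trade-off the message mentions.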