[OpenAFS] Authentication without aklog

David Howells dhowells@redhat.com
Fri, 01 Aug 2014 15:15:26 +0100

chas williams - CONTRACTOR <chas@cmf.nrl.navy.mil> wrote:

> Not impossible for Linux.  I believe that the Linux keyring code
> allows for down calls from the kernel to user space in order to ask
> something to insert the appropriate keys (see keys-request-key.txt in
> the Linux kernel).

Yes.  request_key() will call out to userspace to instantiate a key it doesn't
have yet, passing the caller's keyrings over so that the TGT can be retrieved.