[OpenAFS] Linux kernel 2.6 & AFS

Douglas E. Engert deengert@anl.gov
Tue, 24 Feb 2004 08:14:42 -0600


Jim Rees wrote:
> 
> Linus's objection had nothing to do with the patch being afs specific.  His
> objection was to the entire idea of pags:
> 
>   A "user" is by definition what the unix filesystem considers to be the
>   "atom of security".
> 

I have only been marginally involved, but I think there is a case to argue
this point. 

In a single machine the above is true. But Unix/Linux has no concept
of a network identity with the ability to use network credentials from
within the kernel.

One could argue the UID is THE credential for access to the local file 
system. Possession of the UID by the kernel for a process allows that 
process access to the local file system.     

The PAG in effect is one way for the Linux kernel to support these network
credentials. If added correctly, they could be used for more than file 
systems, like IPSEC or TLS in the kernel. It's not the PAG, but the ability
to use network credentials that is needed. 

(The "su" command could be viewed as acquiring new credentials for
the local file system.) 

AFS, NFSv4, DFS, CODA, and even Windows with NTFS have all addressed the 
network identity and file systems in some way by adding code to the kernel.
Linux has not.  



> But he seems open to the idea, especially if logins are pagless by default.
> Read the entire thread.  I think if the patch were split in two (it also has
> an afs multiplexor part), and the pag part was made non-afs specific (really
> just disconnect it from pioctl), it might have a chance.
> 
> Trond's office is right across the hall from mine.  If someone can come up
> with a proper patch I might be able to enlist his help.

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444