To: Linus Torvalds
Cc: Garance A Drosihn, Jan Harkes, David Howells
Subject: Re: [OpenAFS-devel] Re: [PATCH] PAG support, try #2
From: Trond Myklebust
Date: 15 May 2003 03:34:25 +0200
X-Mailing-List: linux-kernel@vger.kernel.org

>>>>> " " == Linus Torvalds writes:

     > I'm interested in a much more generic issue of "user
     > credentials", and here a PAG can be _one_ credential that a
     > user holds on to. But to be useful, a user has to be able to
     > have multiple such credentials. While one might be his "AFS
     > userid", another will be his NFS mount credentials, and a third
     > one will be his key to decrypt his home directory on that
     > machine.

The interesting thing about a PAG is that it is a handle that is
shared between userland and the kernel, and carries information about
which collection of authentication tokens/credentials a process holds.

RPCSEC can be made to use it to communicate which bag of creds the
userland daemon may use when it attempts to negotiate a new security
context for an NFS user. At the moment all we can tell is 'use the
credentials of uid=zyx' which is no good if the user wants 2
subprocesses to authenticate using different remote kerberos accounts,
say.

Cheers,
  Trond
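
Added example (not part of the original message, and not code from any patch in this thread): a toy user-space C model of the point above, comparing a daemon that is told only a uid with one that is handed the caller's PAG handle. The struct fields, function names and Kerberos principals are hypothetical and constructed for illustration.

```c
/* Toy user-space model: credential selection keyed by uid versus by PAG.
 * All names here are hypothetical; this is not kernel code. */
#include <stdio.h>
#include <string.h>

#define MAX_CREDS 8
struct task { int uid; unsigned pag; };
struct cred { int uid; unsigned pag; const char *principal; };
static struct cred store[MAX_CREDS];
static int ncreds;
static unsigned next_pag = 1;

/* Give a task a fresh PAG, detaching it from its parent's credentials. */
static void task_new_pag(struct task *t) { t->pag = next_pag++; }
/* A child inherits both the uid and the PAG handle of its parent. */
static struct task task_fork(const struct task *parent) { return *parent; }

/* Record a credential obtained by a task; returns -1 if the store is full. */
static int cred_add(const struct task *t, const char *principal)
{
    if (ncreds == MAX_CREDS) return -1;
    store[ncreds++] = (struct cred){ t->uid, t->pag, principal };
    return 0;
}

/* Request says only "use the creds of uid=N": newest entry for that uid. */
static const char *daemon_pick_by_uid(int uid)
{
    for (int i = ncreds - 1; i >= 0; i--)
        if (store[i].uid == uid) return store[i].principal;
    return NULL;
}

/* Request carries the caller's PAG handle: only that bag is searched. */
static const char *daemon_pick_by_pag(unsigned pag)
{
    for (int i = ncreds - 1; i >= 0; i--)
        if (store[i].pag == pag) return store[i].principal;
    return NULL;
}

int main(void)
{
    struct task a = { 1000, 0 }, b = task_fork(&a);   /* same uid */
    task_new_pag(&a); task_new_pag(&b);
    cred_add(&a, "alice@REALM-A.EXAMPLE"); cred_add(&b, "alice@REALM-B.EXAMPLE");
    printf("by uid: %s / %s\n", daemon_pick_by_uid(a.uid), daemon_pick_by_uid(b.uid));
    printf("by pag: %s / %s\n", daemon_pick_by_pag(a.pag), daemon_pick_by_pag(b.pag));
    return 0;
}
```

In this model both subprocesses resolve to the same principal when the daemon sees only the uid, while the PAG lookup keeps the two bags separate and a forked child follows its parent's bag.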