Date: Fri, 11 Jun 2004 20:15:23 -0700
From: Chris Wright <chrisw@osdl.org>
To: Kyle Moffett <mrmacman_g4@mac.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: In-kernel Authentication Tokens (PAGs)
Message-ID: <20040611201523.X22989@build.pdx.osdl.net>
References: <772741DF-BC19-11D8-888F-000393ACC76E@mac.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <772741DF-BC19-11D8-888F-000393ACC76E@mac.com>; from mrmacman_g4@mac.com on Fri, Jun 11, 2004 at 10:37:36PM -0400
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1035
Lines: 24

* Kyle Moffett (mrmacman_g4@mac.com) wrote:
> I am working on a generic PAG subsystem for the kernel, something that
> handles BLOB PAG data and could be used for OpenAFS, Coda, NFSv4, etc.
> I have a patch, but it is not well tested yet.  Here is an overview of 
> the
> architecture:
> 
> Each process has a PAG, and each PAG has a parent PAG.  Users are
> allowed to make new PAGs associated with their UID and modify ones that
> are already associated with their UID.  Each PAG consists of a set of 

Hrm.  Wouldn't it be possible that two processes with same uid have
authenticated in different domains, and as such shouldn't be allowed to
touch each other's PAGs?  Or is this not allowed?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/