Re: [RFC] New authentication management syscalls
David Howells (dhowells@warthog.cambridge.redhat.com)
Fri, 09 May 2003 21:06:46 +0100
> > I think this might be a better idea than the name of a mountpoint as it
> > would then be possible to set the tokens prior to mounting, maybe so that
> > you _can_ mount.
> >
> > I'm thinking a bit of samba here, where authentication information needs
> > to be passed upon mounting (workstation/domain, username, password).
>
> How does this map up with Viro's idea of a two stage mount. IIRC, it
> was someting akin to:
>
> fsfd = open(/dev/fs_type/ext2)
> write(fd, "device and options, potentially including auth...");
> mntfd = open("mntpt");
> newmount(fd, mntfd, MNT_ATTACH);
>
> or something like that. Wouldn't that give you a free form abiility to
> talk to the fs driver and authenticate as needed? Is this plan still
> alive?
Then you end up with a copy of the token for every mountpoint, which may not
be what you want.
With my AFS client for instance, you want at most one token per cell per
PAG. Each cell contains potentially lots of volumes, and each volume is
mounted as a separate mount.
OTOH, with OpenAFS, you get one mount for everything and everyone, and that
contains all cells and all volumes, and so will almost certainly have the
tokens uploaded post-mount.
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/