From: Trond Myklebust <firstname.lastname@example.org>
To: Linus Torvalds <email@example.com>
Subject: [NFS] [PATCH] Secure user authentication using RPCSEC_GSS [0/7]
Date: Thu, 31 Oct 2002 21:19:09 +0100
Cc: NFS maillist <firstname.lastname@example.org>, email@example.com

RPCSEC_GSS is the security mechanism of choice for NFSv4. It provides
a protocol for negotiating secure authentication and data transfers on
a per-user basis in a manner that is independent of the underlying

The actual security negotiation can be done out of band, so it makes
sense to delegate as much of this as possible to a userland
daemon. The result of negotiation is a security 'context' which is
cached in the kernel, and is subsequently used for authentication (as
part of the credential in the RPC header) and/or for data
integrity/privacy protection (using whatever crypto mechanism your
chosen security mechanisms support).

The following set of patches provides basic kernel RPC client support
for the generic RPCSEC_GSS protocol, and for communicating with a
userland daemon that does the actual security context negotiation
with the RPC server.

Communication between kernel and userland is done over a set of named
pipes (in much the same way as the CODA upcall/downcall is done) in a
private ramfs-like filesystem.

This set of 7 patches does not include any actual security
mechanisms, and only provides the functionality necessary to do
client-side user authentication. A subsequent patch will add the
Kerberos 5 security functionality.
NFS maillist - NFS@lists.sourceforge.net
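
Added example, not part of the original post or of the patch set it announces: a bounds-checked parser for the RPCSEC_GSS credential that carries the cached context's handle in the RPC header, as the message describes. The field layout and constants follow RFC 2203; the names `parse_gss_cred`, `struct gss_cred` and `get_u32`, and the `sample_cred` bytes, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define RPC_AUTH_GSS      6    /* RPCSEC_GSS auth flavor (RFC 2203) */
#define RPCSEC_GSS_VERS_1 1
#define MAX_AUTH_BYTES    400  /* ONC RPC limit on an opaque_auth body */

struct gss_cred {
    uint32_t gss_proc;     /* 0 DATA, 1 INIT, 2 CONTINUE_INIT, 3 DESTROY */
    uint32_t seq_num;
    uint32_t service;      /* 1 none, 2 integrity, 3 privacy */
    uint32_t handle_len;   /* length of the context handle */
    const uint8_t *handle; /* points into the caller's buffer */
};

/* Constructed sample: DATA request, seq 7, integrity, handle "ctx01". */
static const uint8_t sample_cred[] = {
    0,0,0,6,  0,0,0,28,  0,0,0,1,  0,0,0,0,  0,0,0,7,  0,0,0,2,
    0,0,0,5,  'c','t','x','0','1',0,0,0 };

/* Read one big-endian XDR word, refusing to read past 'end'. */
static int get_u32(const uint8_t **p, const uint8_t *end, uint32_t *out)
{
    if (end - *p < 4) return -1;
    *out = (uint32_t)(*p)[0] << 24 | (uint32_t)(*p)[1] << 16 |
           (uint32_t)(*p)[2] << 8 | (*p)[3];
    *p += 4;
    return 0;
}

/* Parse opaque_auth {flavor, body} holding a v1 credential; 0 on success. */
int parse_gss_cred(const uint8_t *buf, size_t len, struct gss_cred *c)
{
    const uint8_t *p = buf, *end = buf + len, *body_end;
    uint32_t flavor, body_len, vers;
    if (get_u32(&p, end, &flavor) || flavor != RPC_AUTH_GSS) return -1;
    if (get_u32(&p, end, &body_len) || body_len > MAX_AUTH_BYTES ||
        body_len > (size_t)(end - p)) return -1;
    body_end = p + body_len;
    if (get_u32(&p, body_end, &vers) || vers != RPCSEC_GSS_VERS_1) return -1;
    if (get_u32(&p, body_end, &c->gss_proc) || c->gss_proc > 3) return -1;
    if (get_u32(&p, body_end, &c->seq_num)) return -1;
    if (get_u32(&p, body_end, &c->service)) return -1;
    /* service is only meaningful once a context exists (DATA, DESTROY) */
    if ((c->gss_proc == 0 || c->gss_proc == 3) &&
        (c->service < 1 || c->service > 3)) return -1;
    /* handle is XDR opaque: padded to 4 bytes, must end the body exactly */
    if (get_u32(&p, body_end, &c->handle_len) ||
        c->handle_len > (size_t)(body_end - p) ||
        ((c->handle_len + 3u) & ~3u) != (size_t)(body_end - p)) return -1;
    c->handle = p;
    return 0;
}
```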