
[PATCH] Secure user authentication using RPCSEC_GSS [0/7]

From:  Trond Myklebust <trond.myklebust@fys.uio.no>
To:  Linus Torvalds <torvalds@transmeta.com>
Subject:  [NFS] [PATCH] Secure user authentication using RPCSEC_GSS [0/7]
Date:  Thu, 31 Oct 2002 21:19:09 +0100
Cc:  NFS maillist <nfs@lists.sourceforge.net>, nfsv4-wg@citi.umich.edu


RPCSEC_GSS is the security mechanism of choice for NFSv4. It provides
a protocol for negotiating secure authentication and data transfers on
a per-user basis in a manner that is independent of the underlying
security mechanisms.

The actual security negotiation can be done out of band, so it makes
sense to delegate as much of this as possible to a userland
daemon. The result of negotiation is a security 'context' which is
cached in the kernel, and is subsequently used for authentication (as
part of the credential in the RPC header) and/or for data
integrity/privacy protection (using whatever crypto mechanism your
chosen security mechanisms support).

The following set of patches provides basic kernel RPC client support
for the generic RPCSEC_GSS protocol, and for communicating with a
userland daemon that does the actual security context negotiation
with the RPC server.
Communication between kernel and userland is done over a set of named
pipes (in much the same way as the CODA upcall/downcall is done) in a
private ramfs-like filesystem.

This set of 7 patches does not include any actual security
mechanisms, and only provides the functionality necessary to do
client-side user authentication. A subsequent patch will add the
Kerberos 5 security functionality.

Cheers,
  Trond
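
An added illustration (not code from this patch series or from the Linux kernel) of the credential that the message says carries the negotiated context in the RPC header: a bounds-checked parser for the RPCSEC_GSS credential body as laid out in RFC 2203. The struct and function names and the 64-byte handle cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from RFC 2203; GSS_MAX_HANDLE is a local cap (assumption). */
#define GSS_VERS_1     1u
#define GSS_MAXSEQ     0x80000000u
#define GSS_MAX_HANDLE 64u
enum { GSS_DATA, GSS_INIT, GSS_CONTINUE_INIT, GSS_DESTROY };   /* gss_proc */
enum { GSS_SVC_NONE = 1, GSS_SVC_INTEGRITY, GSS_SVC_PRIVACY }; /* service */

struct gss_cred {
    uint32_t proc, seq, service, handle_len;
    uint8_t  handle[GSS_MAX_HANDLE];   /* context handle issued by the server */
};

/* Read one big-endian XDR word without running past the buffer. */
static int get_u32(const uint8_t **p, const uint8_t *end, uint32_t *out)
{
    if ((size_t)(end - *p) < 4) return -1;
    *out = (uint32_t)(*p)[0] << 24 | (uint32_t)(*p)[1] << 16 | (uint32_t)(*p)[2] << 8 | (*p)[3];
    *p += 4;
    return 0;
}

/* Parse an RPCSEC_GSS credential body: 0 if well-formed, -1 to reject. */
int gss_cred_parse(const uint8_t *buf, size_t len, struct gss_cred *c)
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t vers;
    if (get_u32(&p, end, &vers) || vers != GSS_VERS_1) return -1;
    if (get_u32(&p, end, &c->proc) || c->proc > GSS_DESTROY) return -1;
    if (get_u32(&p, end, &c->seq) || get_u32(&p, end, &c->service)) return -1;
    if (get_u32(&p, end, &c->handle_len) || c->handle_len > GSS_MAX_HANDLE) return -1;
    if ((size_t)(end - p) != ((c->handle_len + 3u) & ~3u)) return -1;  /* padded handle ends the body */
    int creating = c->proc == GSS_INIT || c->proc == GSS_CONTINUE_INIT; /* seq/service unused here */
    if (!creating && (c->seq > GSS_MAXSEQ || c->service < GSS_SVC_NONE ||
                      c->service > GSS_SVC_PRIVACY)) return -1;
    if (c->handle_len == 0 && c->proc != GSS_INIT) return -1;  /* names no context */
    memcpy(c->handle, p, c->handle_len);
    return 0;
}

int main(void)
{
    /* Constructed sample: data request, seq 7, integrity service, handle "ctx01". */
    static const uint8_t cred[] = { 0,0,0,1, 0,0,0,0, 0,0,0,7, 0,0,0,2, 0,0,0,5, 'c','t','x','0','1',0,0,0 };
    struct gss_cred c;
    printf("%s\n", gss_cred_parse(cred, sizeof cred, &c) ? "rejected" : "accepted");
}
```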



Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds