(Illustration by Gaich Muramatsu)
It was mentioned that RPC2 is already instrumented to use multiple authentication protocols - Kerberos V4 being one that is apparently already implemented. I was wondering if PAGs (ala AFS, DFS) are implemented in the Linux and *BSD ports. If so, how are they implemented? PAGs allow user-authentication information (i.e. Kerberos authenticators) to follow a Unix process group (a tree of Unix processes originating from a process leader). This allow your to login to the box, authenticate to AFS/DFS/etc. etc, and have your filesystem network credentials follow you as you go about forking new processes (i.e. xterms). PAGs are something I will have to face next year (1998) when I start the port of DFS to Linux as well. It would be nice if there existed a generic way of attaching, updating, deleting opaque authentication information with each Linux or BSD process in-kernel so that all of our network filesystems can co-exist with each other. As far as I know, Linux doesnt support such a facility. Linux AFS does not have PAGs, like Solaris/AIX/etc AFS do. Instead, Linux AFS maps Unix UIDs to the AFS token. It would be very cool to bang heads together with Linus et. al. and work out a design that makes sense for the most generic case. It is not unlikely to have AFS, DFS, Coda, Kerberized NFS and Windows SMBFS all running on the same box, each with different authentication credentials stored in kernel for each user, for each filesystem technology. So, eventually, this will need to be solved. -- Jim +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Jim Doyle Boston University Information Technology Systems Analyst/Programmer email: jrd_at_bu.edu Distributed Systems tel. (617)-353-8248 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++--+-+-+-+-+-+-Received on 1997-12-10 14:53:37