Jan Harkes <jaharkes_at_cs.cmu.edu> writes:

> It is interesting, I think several types of administrative operations
> like server probes (cfs cs) don't really care about authentication.

I think even this is more complicated.

As a user I'd like 'cfs cs' to use my authenticated connection, because
that verifies that the connection I want to use for data works.  Sort of
like ping over IPsec.

Maybe there should also be 'cfs csu' to use an unauthenticated
connection, for debugging.

I would think that cfs cs using authenticated would fall out of a
general approach to sort uid/realm pairs into those that have/want
authenticated data and those that are doing unauthenticated access.

Once a user does clog to a realm, then that uid/realm should marked as
authenticated access only.  This means per uid bookkeeping on data that
it was authenticated.  On cunlog, unauthenticated access could be
allowed, although we should perhaps split

  a) get rid of my tokens on this machine

  b) (a) and flush the cache of all my data

  c) i want to use unauthenticated access

So perhaps a 'cfs unauth realm' to remove the 'uid/realm needs auth'
status.

These comments are from someone who hasn't looked at the code; it's just
my take on desired behavior, and I haven't thought deeply.

> But resolving a realm root and mounting a volume should be treated
> like GetAttr, they should operate on behalf of a specific
> (authenticated) user.

I agree.