(Illustration by Gaich Muramatsu)
Jan Harkes <jaharkes_at_cs.cmu.edu> writes: > It is interesting, I think several types of administrative operations > like server probes (cfs cs) don't really care about authentication. I think even this is more complicated. As a user I'd like 'cfs cs' to use my authenticated connection, because that verifies that the connection I want to use for data works. Sort of like ping over IPsec. Maybe there should also be 'cfs csu' to use an unauthenticated connection, for debugging. I would think that cfs cs using authenticated would fall out of a general approach to sort uid/realm pairs into those that have/want authenticated data and those that are doing unauthenticated access. Once a user does clog to a realm, then that uid/realm should marked as authenticated access only. This means per uid bookkeeping on data that it was authenticated. On cunlog, unauthenticated access could be allowed, although we should perhaps split a) get rid of my tokens on this machine b) (a) and flush the cache of all my data c) i want to use unauthenticated access So perhaps a 'cfs unauth realm' to remove the 'uid/realm needs auth' status. These comments are from someone who hasn't looked at the code; it's just my take on desired behavior, and I haven't thought deeply. > But resolving a realm root and mounting a volume should be treated > like GetAttr, they should operate on behalf of a specific > (authenticated) user. I agree.Received on 2007-04-06 10:35:28