From: Neil Brown (neilb@cse.unsw.edu.au)
Date: 10/14/99-10:45:55 PM Z
From: Neil Brown <neilb@cse.unsw.edu.au>
Date: Fri, 15 Oct 1999 13:45:55 +1000 (EST)
Message-ID: <14342.41843.191214.917026@notabene.cse.unsw.EDU.AU>
Subject: Re: Feedback on draft-ietf-nfsv4-01 - stateid - newgrp?

On Thursday October 14, mre@eng.sun.com wrote:
> > (ASIDE:
> > actually, this is a bit like chgrp in Unix, which requires you to
> > own the file and be a member of the group, so you need two
> > credentials. AUTH_SYS allows you to send multiple credentials,
> > pretending that it is one big credential. How does KerberosV
> > cope with the possibility of a "newgrp" command? Does it?)
>
> The Microsoft version of Kerberos V5 allows this by including user id and
> group id information in the ticket from the KDC. (However the method by which
> this information is encoded is, to my knowledge, non-standard, and not
> documented). The KDC thus becomes both an authenticator and authorizer.
> Generic versions of the Kerberos V5 KDC tend to stay away from operating
> system specific concepts like uids and gids. So, if using say Solaris 7, with
> the Solaris Kerberos V5 (SEAM 1.0), newgrp won't work for you, because the NFS
> server just gets your principal name, and maps you to uid and gid, and gid
> list that the NFS server determines from the passwd and group databases.
>
> When you raised your question, I was surprised to find that Solaris supports
> newgrp. I'd assumed for the last 16 years that use of newgrp had been
> replaced by the much more sensible multiple group stuff that
> 4.2 BSD introduced. Does Linux support newgrp?
>
> NFS over AUTH_DES works the same way as NFS over KerberosV5. NFS/AUTH_DES
> is over 10 years old, and I've never come across a customer complaint
> about the newgrp issue.
>
> RPCSEC_GSS is flexible enough to support newgrp semantics. It's just
> a small matter of finding a GSS-API mechanism to plug into it. I think
> we should stick with generic stuff, to increase the opportunities for
> interoperability in heterogeneous environments.
>
> -mre

Linux does support newgrp, though it probably isn't used much. I was just
trying to think of a current API that didn't match the services provided.

I guess that if the security service used doesn't support something like
newgrp (or user-selected capabilities in general), then there is nothing
NFSv4 can do about it, and if the security service does support it, then
NFSv4 would just treat a different security context as a different
nfs_lockowner.

NeilBrown
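The difference the two messages above turn on (with AUTH_SYS the server takes uid, gid and gid list straight from the client's credential; with a Kerberos principal it derives all three from its own passwd and group databases, so a client-side newgrp never reaches it) can be shown in a small model. The following is an added example, not code from the NFSv4 draft, the thread, or any NFS implementation. The AUTH_SYS body is XDR-encoded in the layout RFC 5531 gives for authsys_parms; the passwd/group tables, the file owner, the machine name and the gid 300 that the client asserts but the server does not know are all constructed for the demonstration, and the chgrp rule is the one stated in the aside (owner of the file and member of the target group, root excepted):

```python
"""Model of what an NFS server learns about a caller's groups under AUTH_SYS
versus under a Kerberos principal, and how that decides a chgrp request.
Added example; not code from the NFSv4 draft or from the thread.  The
passwd/group tables, credentials and file below are constructed for it."""
import struct
from dataclasses import dataclass


# --- AUTH_SYS (AUTH_UNIX) credential body, XDR layout per RFC 5531 authsys_parms ---

@dataclass
class AuthSys:
    stamp: int
    machinename: str
    uid: int
    gid: int
    gids: list          # supplementary groups, at most 16 on the wire


def _xdr_string(b: bytes) -> bytes:
    # XDR string: uint32 length, the bytes, zero padding to a 4-byte boundary
    return struct.pack(">I", len(b)) + b + b"\0" * ((-len(b)) % 4)


def encode_auth_sys(c: AuthSys) -> bytes:
    if len(c.gids) > 16:
        raise ValueError("AUTH_SYS carries at most 16 supplementary gids")
    out = struct.pack(">I", c.stamp) + _xdr_string(c.machinename.encode())
    out += struct.pack(">II", c.uid, c.gid)
    out += struct.pack(">I", len(c.gids))
    out += b"".join(struct.pack(">I", g) for g in c.gids)
    return out


def decode_auth_sys(buf: bytes) -> AuthSys:
    off = 0
    stamp, n = struct.unpack_from(">II", buf, off); off += 8
    name = buf[off:off + n].decode(); off += n + (-n) % 4
    uid, gid, ngids = struct.unpack_from(">III", buf, off); off += 12
    gids = list(struct.unpack_from(">%dI" % ngids, buf, off))
    return AuthSys(stamp, name, uid, gid, gids)


# --- server-side identity resolution (constructed databases) ---

# user -> (uid, primary gid); group -> (gid, members).  gid 300 is unknown here.
PASSWD = {"alice": (1001, 100), "bob": (1002, 100)}
GROUP = {"users": (100, {"alice", "bob"}),
         "staff": (200, {"alice"}),
         "wheel": (10, {"bob"})}


def identity_from_auth_sys(cred_bytes: bytes):
    # AUTH_SYS: the server uses uid, gid and gid list exactly as the client
    # asserted them, including the gid a client-side newgrp selected.
    c = decode_auth_sys(cred_bytes)
    return c.uid, c.gid, {c.gid, *c.gids}


def identity_from_principal(principal: str):
    # RPCSEC_GSS/krb5: the server only gets a principal name; uid, gid and
    # the gid list come from its own passwd/group databases, so nothing the
    # client selected with newgrp is visible here.
    user = principal.split("@", 1)[0]
    uid, pgid = PASSWD[user]
    groups = {pgid} | {gid for gid, members in GROUP.values() if user in members}
    return uid, pgid, groups


# --- the chgrp rule from the aside: own the file and be a member of the target group ---

def may_chgrp(file_owner_uid: int, identity, new_gid: int) -> bool:
    uid, _gid, groups = identity
    if uid == 0:                       # root may assign any group
        return True
    return uid == file_owner_uid and new_gid in groups


def run_scenario():
    """alice (uid 1001) owns the file; on her client she has done `newgrp`
    into gid 300, a group that exists on the client but not on the server."""
    file_owner = 1001
    cred = encode_auth_sys(AuthSys(stamp=0x1234, machinename="client",
                                   uid=1001, gid=300, gids=[100, 200]))
    sys_id = identity_from_auth_sys(cred)
    krb_id = identity_from_principal("alice@EXAMPLE.COM")
    return {
        "auth_sys_chgrp_300": may_chgrp(file_owner, sys_id, 300),  # True: client's word is taken
        "krb5_chgrp_300": may_chgrp(file_owner, krb_id, 300),      # False: server never saw gid 300
        "auth_sys_chgrp_200": may_chgrp(file_owner, sys_id, 200),  # True
        "krb5_chgrp_200": may_chgrp(file_owner, krb_id, 200),      # True: staff membership is in GROUP
        "krb5_groups": sorted(krb_id[2]),                          # [100, 200]
    }


if __name__ == "__main__":
    print(run_scenario())
```

The AUTH_SYS path is also the reason the flavor is only as trustworthy as the client host: every field in the credential, the gid chosen by newgrp included, is asserted by the client and merely decoded by the server. The principal path accepts nothing but the authenticated name, which is exactly why a client-side newgrp has no effect on it.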