Re: In-kernel Authentication Tokens (PAGs)

From: Chris Wright
Date: Fri Jun 11 2004 - 22:16:37 EST

Next message: sliphacker: "Skandal in Berlin 'Key:1980'"
Previous message: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
In reply to: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Kyle Moffett (mrmacman_g4@xxxxxxx) wrote:
> I am working on a generic PAG subsystem for the kernel, something that
> handles BLOB PAG data and could be used for OpenAFS, Coda, NFSv4, etc.
> I have a patch, but it is not well tested yet. Here is an overview of
> the
> architecture:
>
> Each process has a PAG, and each PAG has a parent PAG. Users are
> allowed to make new PAGs associated with their UID and modify ones that
> are already associated with their UID. Each PAG consists of a set of

Hrm. Wouldn't it be possible that two processes with same uid have
authenticated in different domains, and as such shouldn't be allowed to
touch each other's PAGs? Or is this not allowed?

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: sliphacker: "Skandal in Berlin 'Key:1980'"
Previous message: Andy Lutomirski: "Re: In-kernel Authentication Tokens (PAGs)"
In reply to: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Next in thread: Kyle Moffett: "Re: In-kernel Authentication Tokens (PAGs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]