• Trond Myklebust's avatar
    [PATCH] RPCSEC_GSS authentication framework [4/6] · 8d188768
    Trond Myklebust authored
    This patch provides the basic framework for RPCSEC_GSS authentication
    in the RPC client. The protocol is fully described in RFC-2203.
    Sun has supported it in their commercial NFSv3 and v2 implementations
    for quite some time, and it has been specified in RFC3010 as being
    mandatory for NFSv4.
    
      - Update the mount_data struct for NFSv2 and v3 in order to allow them
        to pass an RPCSEC_GSS security flavour. Compatibility with existing
        versions of the 'mount' program is ensured by requiring that RPCSEC
        support be enabled using the new flag NFS_MOUNT_SECFLAVOUR.
      - Provide secure authentication, and later data encryption on
        a per-user basis. A later patch will an provide an implementation
        of the Kerberos 5 security mechanism. SPKM and LIPKEY are still
        being planned.
      - Security context negotiation and initialization are all assumed
        to be done in userland. A later patch will provide the actual upcall
        mechanisms to allow for this.
    8d188768
inode.c 41.4 KB