From: Jamie Lokier <jamie@shareable.org>
To: Steve French <smfrench@gmail.com>
Cc: Stef Bon <stefbon@gmail.com>, Jeff Layton <jlayton@redhat.com>,
linux-cifs-client@lists.samba.org, linux-fsdevel@vger.kernel.org
Subject: Re: [linux-cifs-client] [PATCH 00/11] cifs: implement multisession mounts (try #2)
Date: Sat, 24 Apr 2010 03:30:35 +0100 [thread overview]
Message-ID: <20100424023035.GG15349@shareable.org> (raw)
In-Reply-To: <u2r524f69651004220957q10604215x57df14fbdb49e737@mail.gmail.com>
Steve French wrote:
> > Perhaps extending FUSE on the user side, if autofs isn't appropriate.
> > FUSE is very programmable, and the kernel side can cache some things.
> > If better caching is needed, that would be to everyone's benefit.
>
> Caching as in cache-fs? or as in caching user credentials?
User credentials in this case. I don't know if FUSE actually does
that - only that the architecture could go in that direction if useful.
> > That kind of approach would help other filesystems as much as CIFS.
> >
> > Of course all of this still needs the ability to create new CIFS
> > sessions when needed :-) But triggering it from userspace has a lot of
> > advantages.
>
> Yes, but not as easy as it sounds to ask the user anything
> (e.g. on "find /") even if kde/gnome desktop would popups on
> fist attempt to access each directory mounted to servers we don't
> have credentials or userid/password for (for this user).
> We need the userid/password or krb5 ticket to use to
> setup the session (we could ask winbind or the kernel keyring to
> provide this). I prefer longterm that cifs or its helpers don't do password
> storage, but rather some service such as winbind working with
> the kernel keyring do this - so it can be analyzed by more eyes
> to make sure it is secure.
I agree it's not particularly easy, and I agree with _not_ storing
passwords in the kernel.
You seem to agree that a userspace helper should be involved
(winbind), and the keyring seems a natural thing to use kernel side,
which is really the same as what I've suggested, only I'd put a bit
more of the mount-traversal decision making and session setup into
'winbind-plus'.
-- Jamie
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-04-24 2:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-20 20:07 [PATCH 00/11] cifs: implement multisession mounts (try #2) Jeff Layton
2010-04-20 20:07 ` [PATCH 01/11] cifs: add function to get a tcon from cifs_sb Jeff Layton
2010-04-20 20:07 ` [PATCH 02/11] cifs: add tcon field to cifsFileInfo struct Jeff Layton
2010-04-20 20:07 ` [PATCH 03/11] cifs: make various routines use the cifsFileInfo->tcon pointer Jeff Layton
2010-04-20 20:07 ` [PATCH 04/11] cifs: have find_readable/writable_file filter by fsuid Jeff Layton
2010-04-20 20:07 ` [PATCH 05/11] cifs: fix cifs_show_options to show "username=" or "multises" Jeff Layton
2010-04-20 20:07 ` [PATCH 06/11] cifs: have cifs_new_fileinfo take a tcon arg Jeff Layton
2010-04-20 20:07 ` [PATCH 07/11] cifs: allow for cifs_sb_tcon() to return an error Jeff Layton
2010-04-20 20:07 ` [PATCH 08/11] cifs: fix handling of signing with writepages Jeff Layton
2010-04-20 20:07 ` [PATCH 09/11] cifs: add routines to build sessions and tcons on the fly Jeff Layton
2010-04-20 20:07 ` [PATCH 10/11] cifs: on multises mount, set ownership to current_fsuid/current_fsgid Jeff Layton
2010-04-20 20:07 ` [PATCH 11/11] cifs: add "multises" mount option Jeff Layton
2010-04-21 2:42 ` [PATCH 00/11] cifs: implement multisession mounts (try #2) Steve French
2010-04-21 14:16 ` Stef Bon
2010-04-21 18:13 ` [linux-cifs-client] " Jeff Layton
2010-04-22 14:56 ` Stef Bon
2010-04-22 15:39 ` Jamie Lokier
2010-04-22 16:57 ` Steve French
2010-04-24 2:30 ` Jamie Lokier [this message]
2010-04-22 19:25 ` Jeff Layton
2010-04-22 19:55 ` Steve French
2010-04-24 2:26 ` [linux-cifs-client] " Jamie Lokier
2010-04-22 17:51 ` Jeff Layton
2010-04-22 19:55 ` Stef Bon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100424023035.GG15349@shareable.org \
--to=jamie@shareable.org \
--cc=jlayton@redhat.com \
--cc=linux-cifs-client@lists.samba.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=smfrench@gmail.com \
--cc=stefbon@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.