On Wed, Jan 07, 2015 at 01:55:25PM -0500, J. Bruce Fields wrote:
> On Wed, Jan 07, 2015 at 01:47:53PM -0500, Weston Andros Adamson wrote:
> > Ah, right, but only for state operations that don’t touch the filesystem:
> >
> > OP_BIND_CONN_TO_SESSION
> > OP_EXCHANGE_ID
> > OP_CREATE_SESSION
> > OP_DESTROY_SESSION
> > OP_DESTROY_CLIENTID
> >
> > Which is not that interesting, since the client should already be using the machine cred
> > with these operations.
> >
> > What is interesting is supporting write and commit (and associated ops, i.e. sequence).
> > That way when a client is doing buffered writes and the user cred expires, it can flush the
> > locally cached data. This is what the linux client SP4_MACH_CRED feature focused on.
> >
> > I think implementing SP4_MACH_CRED for these operations has the issue I mentioned
> > earlier: the fh_verify path will have to check credentials against some cached credential
> > (tied to the stateid), because request will contain the machine credential and not the user
> > credential that previous writes (before cred expiration) used.
>
> Oh, I see. Yeah, that sounds like a bigger project.

(And I'd be curious what the security model is.)

--b.