[OpenAFS-devel] kuserok() checking UID ownership on afs

Nicolas Williams Nicolas.Williams at sun.com
Thu Feb 17 15:29:38 EST 2005

On Thu, Feb 17, 2005 at 01:41:52PM -0600, Troy Benjegerdes wrote:
> The hypothetical daemon I'm thinking of would communicate with the
> kernel AFS components.. the kernel FS layer would map remote cell AFS
> IDs to something that does not conflict with any local UIDs, and then
> the mapping daemon could provide useful names to userspace via nsswitch
> services.



Ignore the mapping RPC protocol.  The algorithm therein can be
implemented locally, if you don't mind different UID/GID namespaces
per-system, or at the directory, if you want a consistent UID/GID
namespace within a domain.

Some details are missing in there that have since been worked out,
particularly around foreign group membership.


