Date: Fri, 16 Mar 2001 19:57:38 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: crossd@cs.rpi.edu (David E. Cross)
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: idle wonderings about 'struct pcred'
Message-ID: <200103161957.MAA16801@usr02.primenet.com>
In-Reply-To: <200103161910.OAA81258@cs.rpi.edu> from "David E. Cross" at Mar 16, 2001 02:10:55 PM

> What I had in mind would be something like the following:
>
> struct pcred {
>     enum p_type;
>     void *p_data;
>     struct pcred *next;
> };
>
> (That is a _very_ rough idea).
>
> Our current, traditional, 'struct pcred' would become 'pcred_unix', with
> a p_type of 0 (#define-d to PCRED_TYPE_UNIX) and would be stuffed into the
> p_data pointer).
>
> What do people think?

Good idea.  I have been pushing for something like this for years.

It would let you "preauthenticate" (ala a "password cache" on
login, or an explicit "add credential for XXX" program) for
things like per user authentication for an SMB or Appletalk
client, on a per user basis (most SMBFS implementations are
useless, because they do not offer per user security, unless
you are using a single user client OS like Windows).

The next neat step would be a "session manager", which would
sit on an fd listening for "new credential needed" requests
from the kernel, and interrogating the user.

For example, you could have a KDE program that sat there and
waited, and when the user tried to access a password protected
file, a network share, /dev/io, the CDROM, tape backup unit,
mount an FS as someone other than root, or whatever, it could
pop up a dialog and say:

	,---------------------------------.
	|            sessiond             |
	|---------------------------------|
	|                                 |
	| Restricted access file: foo.txt |
	|                                 |
	| Password: [                   ] |
	|                                 |
	|   < OK >  <CANCEL>  < HELP >    |
	|                                 |
	`---------------------------------'

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
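
Added example, not part of the original message and not FreeBSD code: a compilable sketch of the tagged credential chain proposed in the thread, with a lookup that checks the tag before p_data is cast and reports a missing credential, which is the point where a session manager would be asked to prompt. PCRED_TYPE_SMB, the payload struct fields, the function names and the sample values are assumptions made for illustration.

```c
#include <stddef.h>

/* PCRED_TYPE_UNIX = 0 is from the proposal; PCRED_TYPE_SMB is hypothetical. */
enum pcred_type { PCRED_TYPE_UNIX = 0, PCRED_TYPE_SMB = 1 };
enum pcred_status { PCRED_OK = 0, PCRED_NEEDED = 1 };

struct pcred {
    enum pcred_type p_type;   /* tag saying what p_data points at */
    void *p_data;             /* type-specific credential */
    struct pcred *next;       /* next credential held by the process */
};

/* Assumed payloads; the real pcred_unix would be today's struct pcred. */
struct pcred_unix { unsigned uid, gid; };
struct pcred_smb { const char *server, *user; };

/* First credential of the given type, or NULL if none is cached. */
const struct pcred *pcred_find(const struct pcred *c, enum pcred_type t)
{
    for (; c != NULL; c = c->next)
        if (c->p_type == t && c->p_data != NULL)
            return c;
    return NULL;
}

/* Typed accessor: the tag is checked before p_data is ever cast. */
const struct pcred_unix *pcred_get_unix(const struct pcred *c)
{
    c = pcred_find(c, PCRED_TYPE_UNIX);
    return c != NULL ? (const struct pcred_unix *)c->p_data : NULL;
}

/* PCRED_NEEDED is where a session manager would be asked to prompt. */
enum pcred_status pcred_require(const struct pcred *c, enum pcred_type t)
{
    return pcred_find(c, t) != NULL ? PCRED_OK : PCRED_NEEDED;
}

/* Constructed sample chain: UNIX credential, plus SMB if preauthenticated. */
enum pcred_status demo_smb_access(int preauth)
{
    struct pcred_unix u = { 1001, 1001 };
    struct pcred_smb s = { "fileserver", "alice" };
    struct pcred smb = { PCRED_TYPE_SMB, &s, NULL };
    struct pcred head = { PCRED_TYPE_UNIX, &u, preauth ? &smb : NULL };
    return pcred_require(&head, PCRED_TYPE_SMB);
}

int main(void) { return demo_smb_access(1) != PCRED_OK; }
```

Keeping every cast of p_data behind an accessor that first matches p_type avoids reading one credential type as another when new types are added to the chain.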