Date: Sat, 16 Sep 1995 21:22:43 -0500 From: peter@taronga.com (Peter da Silva) Subject: Re: smfs Message-ID: <199509170222.VAA22761@bonkers.taronga.com> References: <199509131909.MAA04080@rah.star-gate.com> <199509131958.MAA08030@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <199509131958.MAA08030@phaeton.artisoft.com>, Terry Lambert <terry@lambert.org> wrote: >I suppose you could provide the equivalent of a "net use" command for use >in user space, and deny the lookup until such time as that had occurred. OpenNET supported a "net use" command that squirrelled away SMB authentication information in the kernel and associated it with the user-ID. This is much more straightforward than associating it with a login or a process, and also more intuitive (userid on machine A is mapped to username on machine B). >Almost any way you look at it, it amounts to modifying the UNIX credential >instances so that an instance is shared between all processes that are >authenticated as a particular user. But that's how UNIX security *works*, on a per-user-ID basis. It's perfectly logical, and I don't see why you're making a big deal out of trying to do it any other way. >The idea of a credential being associated with a process rather than >referenced by a process is quite broken. The credential (user-id) is associated with a process, but itself works just fine as a reference. It's a small integer that can be used to index a SMB id table no problem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509170222.VAA22761>