From owner-freebsd-hackers Sat Sep 16 19:47:22 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id TAA19449 for hackers-outgoing; Sat, 16 Sep 1995 19:47:22 -0700
Received: from UUCP-GW.CC.UH.EDU (root@UUCP-GW.CC.UH.EDU [129.7.1.11]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id TAA19439 for ; Sat, 16 Sep 1995 19:47:17 -0700
Received: from Taronga.COM by UUCP-GW.CC.UH.EDU with UUCP id AA24618 (5.67a/IDA-1.5 for hackers@freebsd.org); Sat, 16 Sep 1995 21:32:32 -0500
Received: (from peter@localhost) by bonkers.taronga.com (8.6.11/8.6.9) id VAA22761 for hackers@freebsd.org; Sat, 16 Sep 1995 21:22:43 -0500
Date: Sat, 16 Sep 1995 21:22:43 -0500
From: peter@taronga.com (Peter da Silva)
Message-Id: <199509170222.VAA22761@bonkers.taronga.com>
Newsgroups: junk
Subject: Re: smfs
References: <199509131909.MAA04080@rah.star-gate.com> <199509131958.MAA08030@phaeton.artisoft.com>
Organization: Taronga Park BBS
Apparently-To: hackers@freebsd.org
Sender: owner-hackers@freebsd.org
Precedence: bulk

In article <199509131958.MAA08030@phaeton.artisoft.com>,
Terry Lambert wrote:
>I suppose you could provide the equivalent of a "net use" command for use
>in user space, and deny the lookup until such time as that had occurred.

OpenNET supported a "net use" command that squirrelled away SMB authentication information in the kernel and associated it with the user-ID. This is much more straightforward than associating it with a login or a process, and also more intuitive (userid on machine A is mapped to username on machine B).

>Almost any way you look at it, it amounts to modifying the UNIX credential
>instances so that an instance is shared between all processes that are
>authenticated as a particular user.

But that's how UNIX security *works*, on a per-user-ID basis. It's perfectly logical, and I don't see why you're making a big deal out of trying to do it any other way.

>The idea of a credential being associated with a process rather than
>referenced by a process is quite broken.

The credential (user-id) is associated with a process, but itself works just fine as a reference. It's a small integer that can be used to index a SMB id table no problem.
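
The scheme discussed in this message (SMB authentication information held in a table keyed by user-ID, with lookups denied until a "net use" has occurred), as an added user-space sketch that is not part of the original message and not OpenNET or FreeBSD code. All names (smb_net_use, smb_lookup, smb_net_forget), the table sizes and the rule that only the owning uid or root may change an entry are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>

#define SMB_MAX_IDS 64   /* constructed table size */
#define SMB_STR_LEN 32   /* constructed field size */

struct smb_id {
    int   in_use;
    uid_t uid;                  /* local user-ID: the key every process carries */
    char  user[SMB_STR_LEN];    /* username on the SMB server */
    char  secret[SMB_STR_LEN];  /* SMB authentication information */
};
static struct smb_id smb_ids[SMB_MAX_IDS];

static struct smb_id *smb_find(uid_t uid) {
    for (int i = 0; i < SMB_MAX_IDS; i++)
        if (smb_ids[i].in_use && smb_ids[i].uid == uid) return &smb_ids[i];
    return NULL;
}

/* "net use": bind SMB credentials to a uid (assumed rule: own uid, or root). */
int smb_net_use(uid_t caller, uid_t target, const char *user, const char *secret) {
    if (caller != 0 && caller != target) return -EPERM;
    if (strlen(user) >= SMB_STR_LEN || strlen(secret) >= SMB_STR_LEN)
        return -ENAMETOOLONG;
    struct smb_id *e = smb_find(target);          /* rebinding reuses the slot */
    for (int i = 0; e == NULL && i < SMB_MAX_IDS; i++)
        if (!smb_ids[i].in_use) e = &smb_ids[i];
    if (e == NULL) return -ENOSPC;
    memset(e, 0, sizeof *e);
    e->in_use = 1;
    e->uid = target;
    strcpy(e->user, user);                        /* lengths checked above */
    strcpy(e->secret, secret);
    return 0;
}

/* Called for any process running as uid; denied until "net use" has occurred. */
int smb_lookup(uid_t uid, const char **user_out) {
    struct smb_id *e = smb_find(uid);
    if (e == NULL) return -EACCES;
    *user_out = e->user;
    return 0;
}

/* Drop the binding and wipe the stored secret. */
int smb_net_forget(uid_t caller, uid_t target) {
    struct smb_id *e = smb_find(target);
    if (caller != 0 && caller != target) return -EPERM;
    if (e == NULL) return -ENOENT;
    memset(e, 0, sizeof *e);
    return 0;
}
```

Because the key is the uid and not a process or login session, every process running as that user resolves to the same entry without holding a copy of it.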