From owner-freebsd-arch@freebsd.org  Fri Dec  7 10:33:01 2018
Return-Path: <owner-freebsd-arch@freebsd.org>
Delivered-To: freebsd-arch@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4EC3A1333EBC
 for <freebsd-arch@mailman.ysv.freebsd.org>;
 Fri,  7 Dec 2018 10:33:01 +0000 (UTC) (envelope-from jack@gandi.net)
Received: from gandi.net (mail12.gandi.net
 [IPv6:2001:4b98:dc4:5:ae1f:6bff:fe2d:9fdc])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6599784479;
 Fri,  7 Dec 2018 10:33:00 +0000 (UTC) (envelope-from jack@gandi.net)
Received: from thinkpad-gandi (tgordon.gandi.net [217.70.181.24])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by gandi.net (Postfix) with ESMTPS id 042D01604AD;
 Fri,  7 Dec 2018 10:32:52 +0000 (UTC)
Date: Fri, 7 Dec 2018 11:32:51 +0100
From: Jack Halford <jack@gandi.net>
To: freebsd-arch@freebsd.org
Cc: zml@freebsd.org, mdf@freebsd.org, fatih@gandi.net
Subject: per thread credentials
Message-ID: <20181207103251.s5xao5ji4rx5omcz@thinkpad-gandi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
User-Agent: NeoMutt/20180716
X-Rspamd-Queue-Id: 6599784479
X-Spamd-Result: default: False [-3.23 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.996,0]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[4];
 R_SPF_ALLOW(-0.20)[+ip6:2001:4b98:dc4:5::/64];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[gandi.net];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[mail8.gandi.net,mail12.gandi.net];
 NEURAL_HAM_SHORT(-0.91)[-0.911,0];
 IP_SCORE(-0.51)[asn: 203476(-2.55), country: FR(-0.02)];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MID_RHS_NOT_FQDN(0.50)[];
 ASN(0.00)[asn:203476, ipnet:2001:4b98:dc4::/48, country:FR];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Dec 2018 10:33:01 -0000

hello,

Gandi.net has need of per-thread credentials for a file server. There
have been prior discussions in a thread[1] in 2009 and also a design[2]
has been written out on the wiki in 2011. I'm in the process of
implementing this design.

Before posting my patch to reviews I'd like know if I've missed any
discussion on the subject since the design I'm basing myself on is quite
old (some of the points are now irrelevant after 7 years). Also maybe
someone knows why this was never implemented in the first place?

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2009-May/009300.html
[2] https://wiki.freebsd.org/Per-Thread%20Credentials