From: Brent Callaghan (brent@eng.sun.com)
Date: 01/13/04-11:46:53 AM Z
Message-ID: <40042F0D.5090106@eng.sun.com> From: Brent Callaghan <brent@eng.sun.com> Subject: Re: Namespace root server authorization (was Re: [nfsv4] Global namespace for v4.1?) Date: Tue, 13 Jan 2004 09:46:53 -0800 Nicolas Williams wrote: > In my view we need to make sure that domain-wide namespace root servers > are authorized to dish out those roots and associated referrals, and for > the rest clients will have to trust those namespace root servers to > issue referrals only to other NFS servers which can be trusted to not > lie about the sub-namespaces delegated to them. I hate to belabour a point, but if the client interacts directly with the name service (rather than through an NFSv4 server intermediary) then there is no new "root server authorization" problem to solve. Those clients that are already using a secure name service (e.g. LDAP or Active Directory) have previously authenticated the provider of the service and rely on it to provide lots of other enterprise data. Data for a global filesystem name service is just an add-on. Brent _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
This archive was generated by hypermail 2.1.2 : 03/04/05-02:13:09 AM Z CST