[Lustre-devel] security: rpc message vs bulk data

Peter Braam Peter.Braam at Sun.COM
Fri Aug 8 07:45:39 PDT 2008

On 8/8/08 8:25 AM, "James Hughes" <James.Hughes at Sun.COM> wrote:

> On Wed, 2008-08-06 at 16:48 -0600, Peter Braam wrote:
>>  Of course the CMU research about NASD concluded the same 10-15 years ago -
>>  you need a different protocol here, calling it ad-hoc is not so positive,
>>  calling it the NASD protocol sounds rather nice.
> I am not following the thread here.
> The existing implementation leverages off of kerberos in the client machine
> and does not leverage the NASD style ticket granting with versioning that the
> CMU papers advocated. Going to the NASD protocol is OK, but that means either
> abandoning Kerberos or adding Kerberos ticket honoring to the NASD versioned
> ticketing. This is doable, but not trivial.
Not true.  There are capabilities generated by the MDS, with something
similar to versioning.  GSS between clients and OSS nodes is merely used to
send the capabilities encrypted.
> Can you send pointers to the relevant NASD security papers so that we can have
> a firm set of terminology to discuss this with?

http://www.pdl.cmu.edu/  - click on NASD.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-devel-lustre.org/attachments/20080808/1236fad9/attachment.htm>

More information about the lustre-devel mailing list