[Lustre-devel] security: rpc message vs bulk data
Peter Braam
Peter.Braam at Sun.COM
Fri Aug 8 07:45:39 PDT 2008
On 8/8/08 8:25 AM, "James Hughes" <James.Hughes at Sun.COM> wrote:
>
>
> On Wed, 2008-08-06 at 16:48 -0600, Peter Braam wrote:
>> Of course the CMU research about NASD concluded the same 10-15 years ago -
>> you need a different protocol here, calling it ad-hoc is not so positive,
>> calling it the NASD protocol sounds rather nice.
>
> I am not following the thread here.
>
> The existing implementation leverages off of Kerberos in the client machine
> and does not leverage the NASD style ticket granting with versioning that the
> CMU papers advocated. Going to the NASD protocol is OK, but that means either
> abandoning Kerberos or adding Kerberos ticket honoring to the NASD versioned
> ticketing. This is doable, but not trivial.
>
Not true. There are capabilities generated by the MDS, with something
similar to versioning. GSS between clients and OSS nodes is merely used to
send the capabilities encrypted.
>
>
> Can you send pointers to the relevant NASD security papers so that we can have
> a firm set of terminology to discuss this with?
http://www.pdl.cmu.edu/ - click on NASD.
Peter