Re: [nfsv4] more re: ticket expiration and NFSv4 state
Nicolas Williams <Nicolas.Williams@sun.com> Thu, 02 October 2003 19:06 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20459 for <nfsv4-archive@odin.ietf.org>; Thu, 2 Oct 2003 15:06:25 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A58m3-0003um-Uh for nfsv4-archive@odin.ietf.org; Thu, 02 Oct 2003 15:06:04 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h92J631p015048 for nfsv4-archive@odin.ietf.org; Thu, 2 Oct 2003 15:06:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A58m3-0003ud-Nm for nfsv4-web-archive@optimus.ietf.org; Thu, 02 Oct 2003 15:06:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20406 for <nfsv4-web-archive@ietf.org>; Thu, 2 Oct 2003 15:05:53 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A58m0-0005Ni-00 for nfsv4-web-archive@ietf.org; Thu, 02 Oct 2003 15:06:00 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1A58m0-0005Nf-00 for nfsv4-web-archive@ietf.org; Thu, 02 Oct 2003 15:06:00 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A58m2-0003tR-GM; Thu, 02 Oct 2003 15:06:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A58lp-0003t9-Ii for nfsv4@optimus.ietf.org; Thu, 02 Oct 2003 15:05:49 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA20373 for <nfsv4@ietf.org>; Thu, 2 Oct 2003 15:05:37 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A58lk-0005NT-00 for nfsv4@ietf.org; Thu, 02 Oct 2003 15:05:45 -0400
Received: from brmea-mail-3.sun.com ([192.18.98.34]) by ietf-mx with esmtp (Exim 4.12) id 1A58lk-0005NN-00 for nfsv4@ietf.org; Thu, 02 Oct 2003 15:05:44 -0400
Received: from centralmail1brm.Central.Sun.COM ([129.147.62.1]) by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id h92J5Ykv020173; Thu, 2 Oct 2003 13:05:34 -0600 (MDT)
Received: from binky.central.sun.com (binky.Central.Sun.COM [129.153.128.104]) by centralmail1brm.Central.Sun.COM (8.12.9+Sun/8.12.9/ENSMAIL,v2.2) with ESMTP id h92J5Y6c006026; Thu, 2 Oct 2003 13:05:34 -0600 (MDT)
Received: from binky.central.sun.com (localhost [127.0.0.1]) by binky.central.sun.com (8.12.5+Sun/8.12.3) with ESMTP id h92J1hQx013689; Thu, 2 Oct 2003 12:01:43 -0700 (PDT)
Received: (from nw141292@localhost) by binky.central.sun.com (8.12.5+Sun/8.12.3/Submit) id h92J1hTI013688; Thu, 2 Oct 2003 12:01:43 -0700 (PDT)
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Talpey, Thomas" <Thomas.Talpey@netapp.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>, "William A.(Andy) Adamson" <andros@citi.umich.edu>, nfsv4@ietf.org
Subject: Re: [nfsv4] more re: ticket expiration and NFSv4 state
Message-ID: <20031002190142.GA13682@binky.central.sun.com>
Mail-Followup-To: "Talpey, Thomas" <Thomas.Talpey@netapp.com>, Trond Myklebust <trond.myklebust@fys.uio.no>, "William A.(Andy) Adamson" <andros@citi.umich.edu>, nfsv4@ietf.org
References: <5.2.1.1.2.20031002082649.00c3aff8@silver.nane.netapp.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5.2.1.1.2.20031002082649.00c3aff8@silver.nane.netapp.com>
User-Agent: Mutt/1.4i
Sender: nfsv4-admin@ietf.org
Errors-To: nfsv4-admin@ietf.org
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/nfsv4/>
X-Original-Date: Thu, 2 Oct 2003 12:01:43 -0700
Date: Thu, 02 Oct 2003 12:01:43 -0700
On Thu, Oct 02, 2003 at 05:30:22AM -0700, Talpey, Thomas wrote: > At 12:44 PM 9/30/2003, Trond Myklebust wrote: > > > > > it's my view that dirty data should not be written without the > > > explicit authentication under which the OPEN occured. e.g. in > > > the scenerio where the ticket has expired, the user loses the > > > data. > > > > > this can all be mitigated by the client who's job it is to > > > track expiration times of gss_context's and prompt the user to > > > refresh creds so as not to get into this situation in the first > > > place. > > > >Why can't the client automatically flush out all dirty data and tear > >down state on the user's behalf prior to the actual ticket expiration? > > Why not, indeed. In fact, I would say it's the client's responsibility to do so, > since we seem to be talking about kernels caching delayed writes on behalf > of their authenticated users. The kernel is proxying for the user in this case, > and must play be the same rules. If it delays writes that long, it needs to > reauthenticate. It's possible for the client to misjudge how much time it will need to flush the dirty data, an untimely network failure could prevent it. Credential expiration while holding dirty data for write delegations is akin to a network failure. The client can RENEW on behalf of its users, but it can't WRITE or DELEGRETURN, so the server may end up revoking write delegations, leading to loss of data on the client. It's security vs. convenience, as Mike puts it. Mike has described one possible compromise (using something like CCM to establish client-user bindings) and I have described another (using a new operation by which a user can explicitly delegate permission to write/delegreturn on her behalf to the client). Take your pick. Myself, I think that the protocol as it stands is just fine wrt credential expiration. > That smart-card-user-on-vacation example got what he deserved, for > instance. Sure. Cheers, Nico -- _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] more re: ticket expiration and NFSv4 state rick
- RE: [nfsv4] more re: ticket expiration and NFSv4 … Mike Eisler
- Re: [nfsv4] more re: ticket expiration and NFSv4 … William A.(Andy) Adamson
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Trond Myklebust
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Nicolas Williams
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Trond Myklebust
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Nicolas Williams
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Talpey, Thomas
- Re: [nfsv4] more re: ticket expiration and NFSv4 … Nicolas Williams