TNFS spec update; pls review and comment (postscript version)

[Fred Glover <fglover@zk3.dec.com>]

==================================================================
>>> Submissions to the tnfs list: tnfs@wdl1.wdl.loral.com
>>> Additions/deletions/questions: tnfs-request@wdl1.wdl.loral.com
>>> Archive Server: listserv@wdl1.wdl.loral.com
==================================================================


%!PS-Adobe-1.0
%%Creator: devps (Pipeline Associates, Inc.)
%%CreationDate: Tue Jun  9 17:15:38 1992
%%Pages: (atend)
%%DocumentFonts: (atend)

/X{exch}def
/r{rmoveto}def
/m{moveto}def
/l{lineto}def
/rl{rlineto}def
/lc{yc X xc X l st}def
/mc{yc X xc X m}def
/el{gs /a X def a div 1 X scale cp np a xc 2 div 0 360 arc st gr}def
/ar{cp 7 2 roll np xc 5 1 roll atan 3 1 roll atan X arc st}def
/sp{yc X xc X 6 2 roll yc X xc X 6 2 roll yc X xc X 6 2 roll ct}def
/st{stroke}def
/gs{gsave}def
/gr{grestore}def
/cp{currentpoint}def
/np{newpath}def
/ct{curveto}def
/m0{0 0 moveto}def
/BP{/devps-save save def m0}def
/EP{
clear devps-save restore
showpage}def
/res 10.000000 def
/V{res neg div 792 add
currentpoint pop X
m}def
/H{res div
currentpoint X pop
moveto}def
/h{res div 0 r}def
/v{res neg div 0 X r}def
/xc{res div}def
/yc{res neg div 792 add}def
/S{X H show}def
/psize 10 def
/height 1 def
/slant 0 def
/FF{findfont X dup 12 div setlinewidth /psize X def
    [psize 0 psize height mul slant sin slant cos div mul psize height mul 0 0]
    makefont setfont}def
/shade{gs
 /dy X def
 /dx X def
 np m
 setgray
 0 dy rl
 dx 0 rl
 0 dy neg rl
 dx neg 0 rl
 closepath
 fill
gr}def
1 setlinecap
/R{/Times-Roman FF}def
/B{/Times-Bold FF}def
/Y{/Symbol FF}def
%% Troff special characters not on Symbol font
%% Copyright (C) 1986 by Pipeline Associates, Inc.
%% Version 1.1
/altRTD 20 dict def
altRTD begin
/s{setcachedevice}def
/C{1000 1000 scale}def
/m{moveto}def
/c{curveto}def
/S{stroke}def
/l{lineto}def
/a{arcto}def
/p{pop}def
/sl{setlinewidth}def
end
/F_Troff 17 dict def F_Troff begin
systemdict /currentpacking known
{/SavePacking currentpacking def true setpacking}if
/PaintType 0 def
/FontType 3 def
/StrokeWidth 0 def
/UniqueID 8277003 def
/FontMatrix [.001000 0 0 .001000 0 0] def
/FontBBox [-12 -105 942 855 ] def
/Encoding 256 array def
/CD 256 1 add dict def
/FontInfo 3 dict def FontInfo begin
/UnderlinePosition -133 def /UnderlineThickness 20 def end
/FontName (Troff) def
0 1 256 1 sub{Encoding exch /.notdef put}for
CD /.notdef{500 0 setcharwidth{}}put
Encoding (1) 0 get /br put
%% bold vertical rule used by tbl
CD /br{
C
0 0 -.5 -.5 1 1 s
np
.05 sl
0 -.1 m
0 .9 l
{S}
}put
Encoding (2) 0 get /ul put
%% underline used by tbl
CD /ul{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
0 -.1 m
.5 -.1 l
{S}
}put
Encoding (3) 0 get /ru put
%% baseline rule
CD /ru{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
m0
.5 0 l
{S}
}put
Encoding (4) 0 get /vr put
%% vertical rule
CD /vr{
C
0 0 -.5 -.5 1 1 s
np
.05 sl
m0
0 1 l
{S}
}put
Encoding (5) 0 get /sq put
%% square
CD /sq{
C
.5 0 -.5 -.5 1 1 s
np
.05 sl
0 .25 m
0 .5 rl
.5 0 rl
0 -.5 rl
-.5 0 rl
closepath
{S}
}put
Encoding (6) 0 get /bx put
%% solid box
CD /bx{
C
.5 0 -.5 -.5 1 1 s
np
0 .25 m
0 .5 rl
.5 0 rl
0 -.5 rl
-.5 0 rl
closepath
{fill}
}put
Encoding (7) 0 get /rn put
%% radical extender
CD /rn{
C
.5 0 -.5 -.5 1 1 s
np
.03 sl
-.03 .9 m
.5 0 rl
{S}
}put
Encoding (8) 0 get /GR put
%% gray mask
CD /GR{
C
.5 0 setcharwidth
.5 setgray
np
0 -.1 m
0 1 rl
.5 0 rl
0 -1 rl
-.5 0 rl
closepath
{fill}
}put
Encoding 97 /a put
CD /a{1000 0 0 66 942 421 s 430 415
m 578 406 678 349 662 319 c 655 306 614 287 583
296 c 570 300 466 340 438 332 c 365 309 335 213
270 209 c 0 310 m 108 310 l 108 114 l 0
114 l 0 310 l 42 161 m 42 134 l 66 134 l 66
161 l 42 161 l 47 155 m 47 140 l 62 140 l 62
155 l 47 155 l 110 133 m 226 113 300 66 410
80 c 497 91 550 69 634 76 c 645 76 663 92 669
107 c 677 125 673 141 668 160 c 725 334 m 758
332 734 253 701 250 c 501 325 m 475 316 476 309
473 302 c 465 282 482 263 499 257 c 552 236 615
253 689 253 c 701 253 713 236 713 218 c 712 194
702 168 678 161 c 671 159 663 160 655 160 c 591
158 516 156 479 168 c 461 173 453 191 453 210 c 453
224 456 235 466 244 c 476 253 490 252 503 255 c 459
84 m 447 96 435 106 435 123 c 435 136 440 145 447
155 c 453 163 462 168 469 173 c 110 293 m 173
318 300 421 435 415 c 609 407 852 416 885 411 c 898
409 924 411 930 380 c 942 316 828 339 742 334 c 731
334 730 335 725 335 c 701 336 685 336 660 336 c{S}}put
Encoding 98 /b put
CD /b{1000 0 -12 66 930 421 s 500
415 m 352 406 252 349 268 319 c 275 306 316 287
347 296 c 360 300 464 340 492 332 c 565 309 595
213 660 209 c 930 310 m 822 310 l 822 114 l 930
114 l 930 310 l 888 161 m 888 134 l 864 134
l 864 161 l 888 161 l 883 155 m 883 140 l 868
140 l 868 155 l 883 155 l 820 133 m 704 113
630 66 520 80 c 433 91 380 69 296 76 c 285 76
267 92 261 107 c 253 125 257 141 262 160 c 205
334 m 172 332 196 253 229 250 c 429 325 m 455
316 454 309 457 302 c 465 282 448 263 431 257 c 378
236 315 253 241 253 c 229 253 217 236 217 218 c 218
194 228 168 252 161 c 259 159 267 160 275 160 c 339
158 414 156 451 168 c 469 173 477 191 477 210 c 477
224 474 235 464 244 c 454 253 440 252 427 255 c 471
84 m 483 96 495 106 495 123 c 495 136 490 145 483
155 c 477 163 468 168 461 173 c 820 293 m 757
318 630 421 495 415 c 321 407 78 416 45 411 c 32
409 6 411 0 380 c -12 316 102 339 188 334 c 199
334 200 335 205 335 c 229 336 245 336 270 336 c{S}}put
Encoding 99 /c put
CD /c{1000 0 184 0 827 627 s 185 315
m 186 488 332 627 505 625 c 682 623 827 467 815
290 c 804 124 666 0 500 0 c 327 0 184 142 185
315 c{S}}put
Encoding 100 /d put
CD /d{590 0 134 158 477 500 s 300
160 m 208 162 134 238 135 330 c 136 423 212 500
305 500 c 397 500 473 427 475 335 c 477 239 396
158 300 160 c{fill}}put
Encoding 101 /e put	% Bell Symbol
CD /e{1010 0 -100 -210 1010 1010 s 100 sl 0 setlinecap
420 300 450 0 360 arc
420 650 m 420 575 l S
newpath 120 125 m 720 125 l 75 sl S
420 125 m 420 25 l S
220 400 m 220 175 120 175 100 a p p p p
220 400 m 220 550 420 550 80 a p p p p 
620 400 m 620 175 720 175 100 a p p p p
620 400 m 620 550 420 550 80 a p p p p
295 550 m 545 550 l{S}}put
/BuildChar{altRTD /BuildChar get exec}def end
altRTD begin /BuildChar{altRTD begin
/char exch def /fontdict exch def save
/charname fontdict /Encoding get char get def
fontdict /StrokeWidth get sl
fontdict /CD get dup charname known
{charname}{/.notdef}ifelse get newpath exec
fontdict /PaintType get 0 eq{exec}{p S}ifelse
restore end}def end
systemdict /currentpacking known{F_Troff /SavePacking get setpacking}if
/Troff F_Troff definefont pop
/Y1{/Troff FF}def
/I{/Times-Italic FF}def
%%EndProlog
%%Page: 1 1
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
840 V
1939(Request)S
2291(for)S
2437(Comments)S
2901(On)S
3053(A)S
3155(Speci\256cation)S
3707(of)S
5139(|)S
720 H
960 V
2016(Trusted)S
2351(NFS)S
2565(\(TNFS\))S
2906(Protocol)S
3275(Extensions)S
720 H
1440 V
10 B
720(1.)S
855(Status)S
1152(Of)S
1293(This)S
1513(Memo)S
720 H
1596 V
10 R
720(This)S
938(draft)S
1166(document)S
1600(speci\256es)S
1984(extensions)S
2446(to)S
2564(RFC)S
2794(1094)S
3034([1])S
3190(which)S
3474(support)S
3815(network)S
4183(\256le)S
4352(access)S
4647(in)S
4766(a)S
4851(mul-)S
720 H
1716 V
720(tilevel)S
1002(secure)S
1288(\(MLS\))S
1592(network)S
1951(environment)S
1684 V
8 R
2456(1)S
1716 V
10 R
2496(.)S
2583(This)S
2793(draft)S
3013(was)S
3201(approved)S
3605(by)S
3738(the)S
3893(Trusted)S
4231(Systems)S
4598(Interopera-)S
720 H
1836 V
720(bility)S
962(Group)S
1247(\(TSIG\),)S
1590(whose)S
1875(charter)S
2181(is)S
2278(to)S
2386(promote)S
2749(multi-vendor)S
3301(trusted)S
3603(system)S
3911(interoperability.)S
720 H
2076 V
10 B
720(2.)S
855(Abstract)S
720 H
2232 V
10 R
720(Additional)S
1181(functionality)S
1726(has)S
1893(been)S
2115(developed)S
2559(for)S
2709(UNIX)S
10 Y
2958(\322)S
10 R
3071(systems)S
3422(to)S
3534(address)S
3867(the)S
4023(TCSEC)S
4369([2])S
4519(requirements)S
720 H
2352 V
720(for)S
875(trusted)S
1186(systems.)S
1596(New)S
1822(requirements)S
2381(are)S
2540(driving)S
2867(e)S
2911 H
	(f)show 10 -.5 mul h (f)show
10 R
2972(orts)S
3160(to)S
3276(develop)S
3630(interoperable,)S
4219(networked)S
4678(solutions)S
720 H
2472 V
720(for)S
893(trusted)S
1222(UNIX)S
1528(environments.)S
2185(A)S
2315(speci\256c)S
2678(approach)S
3101(for)S
3275(addressing)S
3760(TCSEC)S
4130(MLS)S
4394(requirements)S
4973(is)S
720 H
2592 V
720(identi\256ed)S
1151(in)S
1282(the)S
1457(CMW)S
1760(requirements)S
2334(document)S
2781([3].)S
3005(Developing)S
3524(support)S
3877(for)S
4045(network)S
4424(interoperability)S
720 H
2712 V
720(among)S
1022(MLS)S
1258(classi\256ed)S
1660(systems)S
2007(is)S
2104(a)S
2178(primary)S
2524(goal)S
2726(of)S
2839(the)S
2991(trusted)S
3293(UNIX)S
3572(community.)S
720 H
2868 V
720(Sun)S
909(Microsystem's)S
1536(Network)S
1918(File)S
2107(System)S
2435(\(NFS\262)S
2735(\))S
2801(V2)S
2956(protocol)S
3323(is)S
3424(an)S
3552(industry)S
3914(\(de)S
4075(facto\))S
4341(standard)S
4713(network)S
720 H
2988 V
720(\256le)S
880(access)S
1166(mechanism,)S
1678(and)S
1854(represents)S
2290(one)S
2466(of)S
2581(the)S
2735(key)S
2911(components)S
3426(of)S
3540(system)S
3849(interoperability)S
4496(in)S
4605(the)S
4758(current)S
720 H
3108 V
720(UNIX)S
1005(networking)S
1496(market.)S
1834(This)S
2048(draft)S
2272(document)S
2702(describes)S
3109(extensions)S
3567(to)S
3681(the)S
3839(NFS)S
4059(V2)S
4217(protocol)S
4587(which)S
4868(sup-)S
720 H
3228 V
720(port)S
914(network)S
1274(\256le)S
1435(access)S
1722(in)S
1833(a)S
1909(MLS)S
2147(network)S
2506(environment.)S
3098(It)S
3191(will)S
3379(be)S
3505(submitted)S
3932(to)S
4042(the)S
4196(RFC)S
4418(editor)S
4683(as)S
4798(a)S
4874(pro-)S
720 H
3348 V
720(tocol)S
954(speci\256cation.)S
1518(Distribution)S
2036(of)S
2153(this)S
2333(draft)S
2556(document)S
2985(is)S
3087(unlimited.)S
3561(Please)S
3851(send)S
4069(comments)S
4515(to)S
4628(the)S
4785(author)S
720 H
3468 V
720(at)S
822(the)S
974(address)S
1303(identi\256ed)S
1711(in)S
1819(section)S
2132(6)S
2212(below.)S
720 H
3708 V
10 B
720(3.)S
855(MLS)S
1102(Extensions)S
1594(for)S
1751(NFS)S
720 H
3864 V
10 R
720(MLS)S
956(functionality)S
1498(includes)S
1862(discretionary)S
2414(access)S
2699(control)S
3013(\(DAC\),)S
3346(subject)S
3660(and)S
3835(object)S
4110(security)S
4457(labeling,)S
4835(man-)S
720 H
3984 V
720(datory)S
1034(access)S
1346(control)S
1687(\(MAC\),)S
2064(authentication,)S
2713(auditing,)S
3124(and)S
3326(documentation.)S
4033(Exchanging)S
4568(information)S
720 H
4104 V
720(between)S
1082(MLS)S
1318(systems)S
1665(requires)S
2016(communicating)S
2668(additional)S
3098(security)S
3444(information)S
3946(along)S
4198(with)S
4406(the)S
4558(actual)S
4826(data.)S
720 H
4260 V
720(The)S
916(primary)S
1273(goal)S
1486(of)S
1610(this)S
1796(speci\256cation)S
2342(is)S
2450(to)S
2569(describe)S
2942(extensions)S
3405(to)S
3525(the)S
3689(NFS)S
3915(V2)S
4079(protocol)S
4454(which)S
4740(support)S
720 H
4380 V
720(network)S
1081(\256le)S
1243(access)S
1531(between)S
1897(MLS)S
2137(systems)S
2488(with)S
2700(a)S
2778(minimal)S
3146(impact)S
3452(on)S
3586(the)S
3742(existing)S
4094(NFS)S
4313(V2)S
4470(environment)S
4348 V
8 R
4975(2)S
4380 V
10 R
5015(.)S
720 H
4500 V
720(It)S
814(is)S
914(also)S
1108(intended)S
1484(that)S
1666(this)S
1843(MLS)S
2081(environment)S
2618(will)S
2806(permit)S
3099(unmodi\256ed)S
3587(NFS)S
3803(clients)S
4096(and)S
4272(servers)S
4586(to)S
4696(continue)S
720 H
4620 V
720(to)S
828(be)S
952(fully)S
1171(supported.)S
720 H
4776 V
720(The)S
906(general)S
1230(approach)S
1626(used)S
1840(in)S
1949(extending)S
2374(the)S
2527(NFS)S
2742(V2)S
2895(protocol)S
3259(is)S
3357(to)S
3466(transport)S
3852(additional)S
4284(user)S
4482(context)S
4808(in)S
4918(the)S
720 H
4896 V
720(form)S
946(of)S
1061(an)S
1187(extended)S
1579(NFS)S
1795(UNIX)S
2076(style)S
2297(credential)S
2722(between)S
3086(a)S
3162(Trusted)S
3499(NFS)S
3715(\(TNFS\))S
4058(client)S
4312(and)S
4488(server,)S
4787(and)S
4962(to)S
720 H
5016 V
720(map)S
923(that)S
1104(context)S
1429(into)S
1616(the)S
1770(appropriate)S
2256(server)S
2531(security)S
2879(policies)S
3222(which)S
3498(address)S
3829(\256le)S
3989(access.)S
4330(In)S
4445(addition,)S
4830(secu-)S
720 H
5136 V
720(rity)S
898(\256le)S
1065(attributes)S
1476(are)S
1636(returned)S
2007(with)S
2224(each)S
2445(NFS)S
2668(\(TNFS\))S
3018(procedure)S
3455(call.)S
3692(Otherwise,)S
4165(the)S
4325(NFS)S
4547(V2)S
4707(protocol)S
720 H
5256 V
720(remains)S
1066(essentially)S
1518(unchanged.)S
720 H
5412 V
720(Two)S
933(companion)S
1407(documents)S
1870([4][5])S
2132(complete)S
2528(the)S
2680(set)S
2821(of)S
2934(documentation)S
3558(describing)S
4004(the)S
4156(TNFS)S
4431(environment.)S
720 H
5652 V
10 B
720(3.1.)S
930(The)S
1127(Extended)S
1563(User)S
1792(Context)S
720 H
5808 V
10 R
720(The)S
905(Sun)S
1091(RPC)S
1311(protocol)S
1674([6][7])S
1936(includes)S
2299(two)S
2479(authentication)S
3075(parameters)S
3542(in)S
3650(a)S
3724(request)S
4042(message:)S
720 H
5964 V
970(an)S
1105(authentication)S
1712(credential)S
2146(-)S
2220(used)S
2444(to)S
2563(identify)S
2915(or)S
3040(present)S
3370(a)S
3456(client)S
3720(subject's)S
4117(credentials)S
4591(to)S
4711(a)S
4797(server)S
720 H
6084 V
970(along)S
1222(with)S
1430(a)S
1504(given)S
1756(request)S
2074(for)S
2220(access)S
2504(or)S
2617(information,)S
3144(and)S
720 H
6240 V
970(an)S
1094(authentication)S
1690(veri\256er)S
2008(-)S
2071(used)S
2284(to)S
2392(validate)S
2738(the)S
2890(subject's)S
3275(credentials,)S
720 H
6396 V
720(and)S
894(an)S
1018(authentication)S
1614(veri\256er)S
1932(in)S
2040(the)S
2192(RPC)S
2412(response)S
2791(message.)S
720 H
6508 V
8 Y1
720(333333333333333333)S
720 H
6602 V
6 R
820(1)S
6626 V
8 R
890(Multilevel)S
1245(Secure)S
1485(systems)S
1761(include,)S
2039(for)S
2155(example,)S
2468(support)S
2731(for)S
2847(B1)S
2965(and)S
3104(CMW)S
3328(security)S
3603(policies.)S
720 H
6744 V
8 Y
820(\322)S
8 R
923(UNIX)S
1147(is)S
1224(a)S
1283(registered)S
1619(trademark)S
1964(of)S
2054(UNIX)S
2278(Systems)S
2568(Laboratories)S
2993(\(U.S.L.\))S
720 H
6862 V
820(\262)S
900(NFS)S
1072(is)S
1149(a)S
1208(trademark)S
1553(of)S
1643(Sun)S
1792(Microsystems,)S
2282(Incorporated)S
720 H
6956 V
6 R
820(2)S
6980 V
8 R
890(Revisions)S
1241(to)S
1339(the)S
1472(NFS)S
1656(V2)S
1790(protocol)S
2091(have)S
2277(been)S
2463(speci\256ed)S
2782(and)S
2933(presented)S
3273(for)S
3401(comment)S
3733(to)S
3830(the)S
3962(NFS)S
4145(community;)S
4565(this)S
720 H
7080 V
720(document)S
1058(addresses)S
1386(extensions)S
1746(to)S
1832(the)S
1953(V2)S
2075(protocol)S
2364(only.)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4700([Page 1])S
7920 V
EP
%%Page: 2 2
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(An)S
872(NFS)S
1086(server)S
1359(uses)S
1561(the)S
1713(client)S
1965(subject's)S
2350(credentials)S
2812(to)S
2920(perform)S
3271(appropriate)S
3755(access)S
4039(checks)S
4340(prior)S
4565(to)S
4674(servicing)S
720 H
960 V
720(the)S
873(request.)S
1247(The)S
1433(veri\256er)S
1752(parameter)S
2181(in)S
2290(the)S
2443(RPC)S
2664(request)S
2983(message)S
3351(is)S
3448(used)S
3661(to)S
3769(authenticate)S
4281(the)S
4433(client)S
4685(subject's)S
720 H
1080 V
720(credentials)S
1048 V
8 R
1152(3)S
1080 V
10 R
1192(.)S
720 H
1236 V
720(Several)S
1056(styles)S
1321(of)S
1441(authentication)S
2044(are)S
2202(currently)S
2599(de\256ned)S
2930(for)S
3084(NFS)S
1204 V
8 R
3268(4)S
1236 V
10 R
3308(,)S
3371(and)S
3553(an)S
3685(NFS)S
3907(server)S
4188(may)S
4398(elect)S
4624(to)S
4740(support)S
720 H
1356 V
720(multiple)S
1087(authentication)S
1686(styles)S
1947(concurrently.)S
2539(A)S
2644(new)S
2843(RPC)S
3065(authentication)S
3663(style,)S
3909(AUTH_MLS,)S
4499(is)S
4598(de\256ned)S
4924(for)S
720 H
1476 V
720(use)S
887(in)S
999(the)S
1155(TNFS)S
1435(environment.)S
2000(The)S
2190(de\256nition)S
2609(of)S
2727(the)S
2884(AUTH_MLS)S
3452(credential)S
3880(combines)S
4298(the)S
4455(information)S
4962(in)S
720 H
1596 V
720(the)S
872(AUTH_UNIX)S
1478(credential)S
1901(with)S
2109(extensions)S
2561(for)S
2707(the)S
2859(additional)S
3289(security)S
3635(attributes:)S
720 H
1752 V
970(o)S
1220(audit)S
1456(id)S
1570(-)S
1640(immutable)S
2105(subject)S
2425(\(user\))S
2694(identi\256er,)S
3117(not)S
3282(a)S
3326 H
	(f)show 10 -.5 mul h (f)show
10 R
3387(ected)S
3634(by)S
3771(modi\256cations)S
4353(to)S
4468(either)S
4732(the)S
4891(real)S
720 H
1872 V
1220(or)S
1333(e)S
1377 H
	(f)show 10 -.5 mul h (f)show
10 R
1438(ective)S
1706(user)S
1902(or)S
2015(group)S
2278(identi\256ers,)S
720 H
2028 V
970(o)S
1220(sensitivity)S
1670(label)S
1902(-)S
1973(used)S
2194(with)S
2410(a)S
2492(MAC)S
2758(policy;)S
3075(a)S
3158(subject)S
3480(generally)S
3890(has)S
4062(a)S
4145(static,)S
4420(top-level)S
4814(clear-)S
720 H
2148 V
1220(ance,)S
1473(but)S
1647(is)S
1760(permitted)S
2189(to)S
2313(execute)S
2662(processes)S
3089(at)S
3206(a)S
3295(sensitivity)S
3752(level)S
3991(di)S
4069 H
	(f)show 10 -.5 mul h (f)show
10 R
4130(erent)S
4374(from)S
4613(\(i.e.)S
4813(lower)S
720 H
2268 V
1220(than\))S
1455(his/her)S
1757(actual)S
2025(clearance,)S
720 H
2424 V
970(o)S
1220(information)S
1723(label)S
1948(-)S
2013(also)S
2206(used)S
2421(with)S
2631(a)S
2707(MAC)S
2967(policy;)S
3277(dynamically)S
3803(adjusted)S
4168(based)S
4427(upon)S
4659(the)S
4813(infor-)S
720 H
2544 V
1220(mation)S
1528(content)S
1852(associated)S
2292(with)S
2500(the)S
2652(subject)S
2965(\(or)S
3111(object\),)S
720 H
2700 V
970(o)S
1220(integrity)S
1608(label)S
1851(-)S
1933(used)S
2165(with)S
2392(commercial,)S
2937(multi-party)S
3437(security)S
3803(policy)S
4103(\(eg.)S
4305(Clark-Wilson)S
4899([8],)S
720 H
2820 V
1220(Biba)S
1439([9]\),)S
720 H
2976 V
970(o)S
1220(privilege)S
1606(mask)S
1848(-)S
1912(used)S
2126(to)S
2235(identify)S
2577(privileges)S
3002(\(eg.)S
3185(chown,)S
3507(chmod\))S
3844(or)S
3959("rights")S
4301(granted)S
4632(to)S
4742(a)S
4818(given)S
720 H
3096 V
1220(subject,)S
1558(generally)S
1959(to)S
2067(override)S
2429(an)S
2553(existing)S
2900(security)S
3246(policy,)S
3551(and)S
720 H
3252 V
970(o)S
1220(vendor)S
1527(label)S
1751(-)S
1814(used)S
2027(to)S
2135(accommodate)S
2719(additional,)S
3174(vendor)S
3481(speci\256c)S
3816(policies)S
720 H
3408 V
720(The)S
909(additional)S
1343(security)S
1693(attributes)S
2099(will)S
2289(actually)S
2639(be)S
2767(represented)S
3261(within)S
3552(the)S
3709(AUTH_MLS)S
4277(credential)S
4705(by)S
4840(\256xed)S
720 H
3528 V
720(size)S
10 I
910(tokens)S
10 R
1165(,)S
1225(which)S
1504(can)S
1677(support)S
2012(multiple)S
2381(translation)S
2838(schemes)S
3211(through)S
3557(the)S
3714(use)S
3882(of)S
4000(an)S
4129(appropriate)S
4618(translation)S
720 H
3648 V
720(mechanism)S
1237([5].)S
1470(For)S
1671(instance,)S
2085(mechanisms)S
2641(such)S
2886(as)S
3031(M.I.T.)S
3351(Project)S
3697(Athena's)S
4120(Hesiod/BIND)S
4738(or)S
4884(Sun)S
720 H
3768 V
720(Microsystem's)S
1350(NIS)S
3736 V
8 R
1511(5)S
3768 V
10 R
1587(lookup)S
1901(service)S
2219(could)S
2477(be)S
2607(used)S
2826(to)S
2940(support)S
3276(the)S
3435(translation)S
3894(of)S
4014(tokens)S
4312(and)S
4493(security)S
4846(attri-)S
720 H
3888 V
720(bute)S
922(information.)S
720 H
4044 V
720(There)S
992(are)S
1153(several)S
1475(advantages)S
1958(to)S
2076(the)S
2238(use)S
2412(of)S
2536(a)S
2621(token)S
2884(translation)S
3347(model.)S
3693(One)S
3900(major)S
4174(advantage)S
4619(is)S
4727(that)S
4918(the)S
720 H
4164 V
720(actual)S
1006(security)S
1370(attribute)S
1751(information)S
2271(may)S
2491(be)S
2633(de\256ned)S
2974(within)S
3277(the)S
3446(translation)S
3915(service,)S
4269(while)S
4538(the)S
4707(attribute)S
720 H
4284 V
720(representation)S
1319(may)S
1525(be)S
1653(de\256ned)S
1981(by)S
2115(a)S
2193(small,)S
2469(\256xed)S
2703(sized)S
2942(token)S
3198(within)S
3488(the)S
3644(relatively)S
4055(small)S
4306(amount)S
4640(of)S
4757(unallo-)S
720 H
4404 V
720(cated)S
966(space)S
1223(in)S
1337(the)S
1495(credential)S
1924(structure.)S
2364(A)S
2472(second)S
2784(advantage)S
3223(of)S
3341(a)S
3420(translation)S
3877(model)S
4162(is)S
4264(that)S
4449(it)S
4540(may)S
4747(accom-)S
720 H
4524 V
720(modate)S
1059(multiple)S
1438(security)S
1799(policies)S
2155(and)S
2344(translations.)S
2905(Finally,)S
3259(a)S
3348(token)S
3615(translation)S
4082(model)S
4378(permits)S
4724(security)S
720 H
4644 V
720(policies)S
1064(to)S
1175(be)S
1302(developed)S
1744(independently)S
2342(from)S
2568(the)S
2722(translation)S
3176(mechanism.)S
3688(Tokens)S
4014(are)S
4167(transferred)S
4630(within)S
4918(the)S
720 H
4764 V
720(AUTH_MLS)S
1297(credential)S
1734(as)S
1861(opaque)S
2193(objects)S
2520(which)S
2808(are)S
2973(given)S
3239(context)S
3578(by)S
3723(the)S
3890(security)S
4251(policy)S
4546(mechanisms)S
720 H
4884 V
720(implemented)S
1272(by)S
1402(the)S
1554(TNFS)S
1829(clients)S
2120(and)S
2294(servers.)S
720 H
5040 V
720(Note)S
951(that)S
1138(although)S
1525(tokens)S
1823(are)S
1981(de\256ned)S
2312(as)S
2433(opaque)S
2759(objects,)S
3105(tokens)S
3404(which)S
3686(represent)S
4089(the)S
4249(same)S
4492(security)S
4846(attri-)S
720 H
5160 V
720(bute)S
932(and)S
1116(which)S
1400(reside)S
1678(within)S
1974(the)S
2136(same)S
2381(translation)S
2843(scheme)S
3182(may)S
3394(be)S
3528(compared)S
3960(for)S
4115(equality.)S
4531(This)S
4748(charac-)S
720 H
5280 V
720(teristic)S
1031(permits)S
1370(tokens)S
1670(representing)S
2202(a)S
2286(speci\256c)S
2631(security)S
2987(attribute)S
3360(to)S
3478(be)S
3612(referenced)S
4071(in)S
4189(comparisons)S
4734(without)S
720 H
5400 V
720(requiring)S
1116(the)S
1268(tokens)S
1559(to)S
1667(be)S
1791(translated.)S
720 H
5640 V
10 B
720(3.2.)S
930(Discretionary)S
1542(Access)S
1854(Control)S
720 H
5796 V
10 R
720(A)S
836(Discretionary)S
1423(Access)S
1749(Control)S
2099(\(DAC\))S
2420(policy)S
2714(provides)S
3102(for)S
3262(the)S
3429(restriction)S
3879(of)S
4007(subject)S
4335(access)S
4634(to)S
4757(objects)S
720 H
5916 V
720(based)S
989(on)S
1131(the)S
1295(identity)S
1643(of)S
1767(subjects)S
2130(and/or)S
2426(the)S
2589(groups)S
2902(for)S
3059(which)S
3344(they)S
3557(are)S
3719(members.)S
4181(Most)S
4428(secure)S
4723(systems)S
720 H
6036 V
720(address)S
1064(DAC)S
1320(requirements)S
1886(through)S
2242(the)S
2409(use)S
2587(of)S
2715(access)S
3014(control)S
3342(lists.)S
3604(Associated)S
4088(with)S
4312(each)S
4540(\256le)S
4714(is)S
4827(a)S
4917(list)S
720 H
6156 V
720(which)S
1012(identi\256es)S
1427(the)S
1597(set)S
1756(of)S
1887(user)S
2101(and)S
2293(group)S
2574(combinations)S
3161(authorized)S
3629(to)S
3754(access)S
4055(the)S
4224(\256le,)S
4424(along)S
4693(with)S
4918(the)S
720 H
6276 V
720(access)S
1004(privileges)S
1428(associated)S
1868(with)S
2076(each)S
2288(combination.)S
720 H
6432 V
720(The)S
921(information)S
1439(contained)S
1873(in)S
1997(the)S
2166(AUTH_MLS)S
2746(credential)S
3186(of)S
3316(a)S
3407(TNFS)S
3699(client)S
3968(request)S
4303(includes)S
4683(user)S
4896(and)S
720 H
6552 V
720(group)S
985(identi\256cation)S
1545(su)S
1634 H
	(f)show 10 -.5 mul h (\256)show
10 R
1718(cient)S
1944(to)S
2054(permit)S
2347(the)S
2501(server)S
2776(to)S
2885(apply)S
3138(appropriate)S
3623(DAC)S
3865(policies)S
4207(in)S
4316(controlling)S
4786(access)S
720 H
6672 V
720(to)S
833(its)S
963(shared,)S
1283(local)S
1512(\256le)S
1675(objects.)S
2048(For)S
2222(example,)S
2620(the)S
2777(subject)S
3095(represented)S
3589(by)S
3724(the)S
3881(user)S
4082(and/or)S
4372(group)S
4640(identi\256ers)S
720 H
6772 V
8 Y1
720(333333333333333333)S
720 H
6866 V
6 R
820(3)S
6890 V
8 R
890(Authentication)S
1387(of)S
1477(client)S
1677(and)S
1816(server)S
2033(identities)S
2348(will)S
2496(not)S
2622(be)S
2721(addressed)S
3058(in)S
3144(this)S
3283(speci\256cation.)S
720 H
6984 V
6 R
820(4)S
7008 V
8 R
890(Styles)S
1109(currently)S
1419(de\256ned)S
1678(are)S
1798(AUTH_NONE,)S
2328(AUTH_UNIX,)S
2835(AUTH_SHORT,)S
3406(and)S
3545(AUTH_DES.)S
720 H
7102 V
6 R
820(5)S
7126 V
8 R
890(Network)S
1193(Information)S
1596(Service,)S
1878(known)S
2120(previously)S
2480(as)S
2570(the)S
2691(Yellow)S
2950(Pages)S
3160(Service)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4700([Page 2])S
7920 V
EP
%%Page: 3 3
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(contained)S
1141(in)S
1252(the)S
1407(client)S
1662(request)S
1983(may)S
2189(be)S
2317(checked)S
2677(against)S
2994(the)S
3150(access)S
3438(control)S
3755(list)S
3912(information)S
4418(associated)S
4862(with)S
720 H
960 V
720(the)S
874(referenced)S
1325(\256le)S
1485(on)S
1617(the)S
1771(server.)S
2071(Access)S
2385(control)S
2700(list)S
2855(information)S
3358(is)S
3456(not)S
3615(required)S
3978(to)S
4087(be)S
4212(transmitted)S
4693(from)S
4918(the)S
720 H
1080 V
720(client)S
982(to)S
1101(the)S
1264(server)S
1548(in)S
1667(support)S
2008(of)S
2132(a)S
2217(server)S
2501(based)S
2769(access)S
3064(control)S
3388(policy.)S
3734(Client)S
4020(based)S
4288(support)S
4629(for)S
4786(access)S
720 H
1200 V
720(control)S
1041(of)S
1162(server)S
1443(based)S
1708(\256le)S
1874(objects)S
2195(is)S
2300(discussed)S
2721(below)S
3003(in)S
3119(the)S
3279(section)S
3600(which)S
3882(describes)S
4290(the)S
4449(extended)S
4846(attri-)S
720 H
1320 V
720(bute)S
922(cache.)S
720 H
1560 V
10 B
720(3.3.)S
930(Mandatory)S
1443(Access)S
1755(Control)S
720 H
1716 V
10 R
720(A)S
824(Mandatory)S
1294(Access)S
1608(Control)S
1946(\(MAC\))S
2272(policy)S
2554(provides)S
2930(for)S
3078(the)S
3232(restriction)S
3669(of)S
3784(subject)S
4099(access)S
4386(to)S
4497(objects)S
4813(based)S
720 H
1836 V
720(on)S
852(the)S
1006(sensitivity)S
1450(of)S
1565(the)S
1719(information)S
2223(contained)S
2643(in)S
2752(the)S
2905(objects.)S
3274(MAC)S
3533(policies)S
3875(thus)S
4073(include)S
4398(assigning)S
4807(levels)S
720 H
1956 V
720(of)S
833(trust)S
1042(or)S
1156(clearance)S
1562(to)S
1671(system)S
1980(users)S
2216(\(subjects\),)S
2660(and)S
2835(levels)S
3099(of)S
3213(sensitivity)S
3656(to)S
3765(system)S
4074(objects,)S
4413(and)S
4588(then)S
4791(ensur-)S
720 H
2076 V
720(ing)S
878(that)S
1058(only)S
1266(users)S
1501(with)S
1709(su)S
1798 H
	(f)show 10 -.5 mul h (\256)show
10 R
1882(cient)S
2106(clearance)S
2511(can)S
2679(access)S
2963(the)S
3115(classi\256ed)S
3517(information.)S
720 H
2316 V
10 B
720(3.3.1.)S
1005(Sensitivity)S
1480(Labels)S
720 H
2472 V
10 R
720(When)S
995(MAC)S
1260(policies)S
1608(are)S
1767(enabled,)S
2140(each)S
2360(system)S
2676(subject)S
2997(and)S
3179(object)S
3461(is)S
3566(created)S
3891(with)S
4107(a)S
4189(sensitivity)S
4639(label,)S
4896(and)S
720 H
2592 V
720(the)S
872(system)S
1180(MAC)S
1438(policies)S
1779(compare)S
2152(the)S
2304(labels)S
2567(when)S
2813(determining)S
3326(access.)S
720 H
2748 V
720(The)S
919(AUTH_MLS)S
1496(credential)S
1933(contains)S
2310(the)S
2476(sensitivity)S
2932(label)S
3170(information)S
3686(associated)S
4140(with)S
4362(the)S
4528(TNFS)S
4818(client)S
720 H
2868 V
720(subject)S
1038(\(application\))S
1583(making)S
1918(the)S
2075(access)S
2364(request.)S
2742(This)S
2955(information)S
3462(is)S
3564(su)S
3653 H
	(f)show 10 -.5 mul h (\256)show
10 R
3737(cient)S
3965(to)S
4077(permit)S
4372(the)S
4528(MAC)S
4790(policy)S
720 H
2988 V
720(checking)S
1112(mechanism)S
1599(on)S
1731(the)S
1885(server)S
2160(to)S
2270(determine)S
2701(whether)S
3054(to)S
3164(permit)S
3457(access)S
3743(to)S
3853(the)S
4007(requested)S
4421(object)S
4697(or)S
4813(infor-)S
720 H
3108 V
720(mation.)S
720 H
3348 V
10 B
720(3.3.2.)S
1005(Information)S
1557(Labels)S
720 H
3504 V
10 R
720(Information)S
1234(labels)S
1504(represent)S
1906(the)S
2065(actual)S
2340(sensitivity)S
2789(of)S
2909(a)S
2990(given)S
3250(subject)S
3571(or)S
3692(object,)S
3999(and)S
4181(permit)S
4480(the)S
4640(additional)S
720 H
3624 V
720(identi\256cation)S
1282(of)S
1399(control)S
1716(markings)S
2122(for)S
2272(a)S
2350(given)S
2606(piece)S
2850(of)S
2966(information.)S
3526(The)S
3714(information)S
4219(label)S
4446(is)S
4546(dynamically)S
720 H
3744 V
720(adjusted)S
1084(on)S
1215(both)S
1424(subjects)S
1777(and)S
1952(objects)S
2266(to)S
2375(the)S
2528(highest)S
2848(sensitivity)S
3292(level)S
3518(re\257ected)S
3893(by)S
4025(a)S
4101(subject/object)S
4688(pair:)S
4903(if)S
4996(a)S
720 H
3864 V
720(subject)S
1040(issues)S
1316(a)S
1397(write)S
1639(request)S
1963(to)S
2077(an)S
2207(object,)S
2512(the)S
2670(information)S
3178(label)S
3408(of)S
3527(the)S
3685(object)S
3965(will)S
4157(be)S
4287(adjusted)S
4656(\(if)S
4786(neces-)S
720 H
3984 V
720(sary\))S
953(to)S
1065(the)S
1221(level)S
1450(de\256ned)S
1779(by)S
1914(the)S
2071(information)S
2578(label)S
2807(of)S
2925(the)S
3082(subject;)S
3458(if)S
3554(a)S
3633(subject)S
3951(issues)S
4225(a)S
4304(read)S
4510(request)S
4833(to)S
4946(an)S
720 H
4104 V
720(object,)S
1026(the)S
1185(information)S
1694(label)S
1925(of)S
2044(the)S
2202(subject)S
2521(will)S
2713(be)S
2843(adjusted)S
3212(to)S
3326(the)S
3484(level)S
3714(de\256ned)S
4044(by)S
4180(the)S
4338(information)S
4846(label)S
720 H
4224 V
720(of)S
837(the)S
993(object.)S
1326(Note)S
1554(that)S
1738(information)S
2245(labels)S
2513(are)S
2669(adjusted)S
3037(upwards)S
3410(as)S
3528(a)S
3607(result)S
3864(of)S
3982(these)S
4222(actions;)S
4568(information)S
720 H
4344 V
720(labels)S
983(are)S
1134(never)S
1385(automatically)S
1959(adjusted)S
2322(to)S
2430(a)S
2504(lower)S
2761(level.)S
720 H
4500 V
720(The)S
906(AUTH_MLS)S
1470(credential)S
1894(in)S
2003(the)S
2156(RPC)S
2377(request)S
2697(message)S
3067(contains)S
3432(the)S
3586(current)S
3900(information)S
4404(label)S
4630(associated)S
720 H
4620 V
720(with)S
950(a)S
1045(TNFS)S
1341(client)S
1614(application)S
2109(\(subject\),)S
2534(and)S
2729(permits)S
3080(a)S
3175(remote)S
3503(\256le's)S
3754(object)S
4049(information)S
4572(label)S
4817(to)S
4946(be)S
720 H
4740 V
720(adjusted)S
1106(\(if)S
1253(necessary\))S
1726(as)S
1863(a)S
1961(result)S
2237(of)S
2374(a)S
2472(client)S
2748(generated)S
10 I
3189(write)S
10 R
3449(operation.)S
3935(The)S
4144(TNFS)S
4443(reply)S
4702(message)S
720 H
4860 V
720(includes)S
1089(a)S
1169(\256eld)S
1383(for)S
1535(the)S
1693(information)S
2201(label)S
2431(associated)S
2877(with)S
3091(an)S
3221(accessed)S
3605(\256le)S
3769(object,)S
4074(permitting)S
4527(the)S
4685(subject's)S
720 H
4980 V
720(information)S
1222(label)S
1446(to)S
1554(be)S
1678(adjusted)S
2041(\(if)S
2165(necessary\))S
2615(as)S
2728(a)S
2802(result)S
3054(of)S
3167(a)S
3241(client)S
3493(generated)S
10 I
3910(read)S
10 R
4123(operation.)S
720 H
5136 V
720(These)S
989(extensions)S
1442(are)S
1594(su)S
1683 H
	(f)show 10 -.5 mul h (\256)show
10 R
1767(cient)S
1992(to)S
2101(support)S
2432(the)S
2586(MAC)S
2846(information)S
3350(label)S
3576(policies)S
3919(with)S
4129(respect)S
4443(to)S
4553(network)S
4912(\256le)S
720 H
5256 V
720(access.)S
720 H
5496 V
10 B
720(3.3.3.)S
1005(Privilege)S
720 H
5652 V
10 R
720(The)S
914(TCSEC/CMW)S
1544(concept)S
1894(of)S
10 I
2017(least)S
2246(privilege)S
10 R
2641(is)S
2748(an)S
2882(integral)S
3227(part)S
3422(of)S
3545(the)S
3707(MLS)S
3953(environment.)S
4523(Fine)S
4741(grained)S
720 H
5772 V
720(privileges)S
1149(are)S
1305(granted)S
1638(to)S
1750(subjects)S
2106(\(and)S
2317(associated)S
2761(processes\),)S
3235(and)S
3413(executable)S
3873(objects)S
4190(\(\256les\))S
4457(according)S
4884(to)S
4996(a)S
720 H
5892 V
720(strict)S
956(set)S
1103(of)S
1222(rules.)S
1477(All)S
1641(subjects)S
1999(are)S
2156(limited)S
2476(with)S
2690(respect)S
3008(to)S
3122(the)S
3280(system)S
3594(actions)S
3913(they)S
4121(may)S
4329(perform.)S
4711(An)S
4869(exe-)S
720 H
6012 V
720(cutable)S
1052(object)S
1340(is)S
1451(also)S
1656(limited)S
1984(to)S
2106(a)S
2194(speci\256c)S
2543(set)S
2698(of)S
2825(actions,)S
3177(regardless)S
3625(of)S
3752(the)S
3918(subject)S
4245(which)S
4532(executes)S
4918(the)S
720 H
6132 V
720(object.)S
1021(Privilege)S
1414(sets)S
1596(associated)S
2038(with)S
2248(a)S
2324(\256le)S
2484(object)S
2760(are)S
2913(used)S
3129(to)S
3240(adjust)S
3512(a)S
3589(process's)S
3993(privileges)S
4420(during)S
4714(the)S
4869(exe-)S
720 H
6252 V
720(cution)S
1008(of)S
1129(that)S
1317(object.)S
1654(Thus,)S
1917(at)S
2027(any)S
2209(given)S
2469(time,)S
2710(a)S
2792(subject)S
3113(will)S
3307(possess)S
3644(only)S
3859(those)S
4107(privileges)S
4538(necessary)S
4962(to)S
720 H
6372 V
720(support)S
1050(the)S
1202(completion)S
1682(of)S
1795(its)S
1920(current)S
2232(task.)S
720 H
6528 V
720(Note,)S
975(however,)S
1379(that)S
1565(the)S
1723(privileges)S
2153(associated)S
2599(with)S
2813(a)S
2893(subject)S
3212(on)S
3348(a)S
3428(client)S
3686(system)S
4000(might)S
4270(not)S
4434(be)S
4565(extended)S
4962(to)S
720 H
6648 V
720(that)S
901(subject)S
1215(on)S
1346(a)S
1421(given)S
1674(remote)S
1981(server)S
2254(system.)S
2617(Although)S
3025(most)S
3250(subjects)S
3602(will)S
3788(likely)S
4046(retain)S
4303(their)S
4516(privileges)S
4940(on)S
720 H
6768 V
720(the)S
890(server,)S
1206(a)S
1299(client)S
1570(administrator,)S
2177(for)S
2342(example,)S
2754(might)S
3037(not)S
3214(be)S
3357(granted)S
3705(administrative)S
4326(privileges)S
4769(on)S
4918(the)S
5139(|)S
720 H
6888 V
720(server.)S
720 H
7044 V
720(For)S
913(TNFS,)S
1237(subject)S
1574(privileges)S
2022(are)S
2197(de\256ned)S
2545(within)S
2855(the)S
3031(AUTH_MLS)S
3618(credential,)S
4090(and)S
4288(\256le)S
4470(privileges)S
4919(are)S
720 H
7164 V
720(de\256ned)S
1044(within)S
1330(the)S
1482(security)S
1828(\256le)S
1986(attributes.)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4700([Page 3])S
7920 V
EP
%%Page: 4 4
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
10 B
720(3.3.4.)S
1005(File)S
1196(Name)S
1475(Attributes)S
720 H
996 V
10 R
720(UNIX)S
1007(\256le)S
1173(names)S
1466(may)S
1676(vary)S
1891(in)S
2007(length)S
2295(from)S
2527(1)S
2615(to)S
2732(255)S
2921(characters,)S
3388(and)S
3571(represent)S
3975(an)S
4108(additional)S
4547(data)S
4752(storage)S
720 H
1116 V
720(mechanism)S
1213(which)S
1495(must)S
1728(be)S
1860(protected)S
2269(by)S
2407(appropriate)S
2899(MLS)S
3143(policies.)S
3517(Generally,)S
3973(the)S
4132(contents)S
4502(of)S
4622(a)S
4703(\256le)S
4868(may)S
720 H
1236 V
720(be)S
850(classi\256ed,)S
1283(but)S
1447(the)S
1605(name)S
1857(of)S
1976(the)S
2134(\256le)S
2298(or)S
2417(knowledge)S
2891(of)S
3010(its)S
3141(existence)S
3549(is)S
3653(not.)S
3873(In)S
3993(some)S
4241(cases,)S
4513(however,)S
4918(the)S
720 H
1356 V
720(name)S
973(of)S
1093(the)S
1252(\256le)S
1417(as)S
1537(well)S
1746(as)S
1866(its)S
1998(contents)S
2368(may)S
2576(require)S
2894(classi\256cation)S
3452(and)S
3632(protection.)S
4128(For)S
4303(example,)S
4702(consider)S
720 H
1476 V
720(the)S
872(following)S
1291(\256le)S
1449(name:)S
720 H
1632 V
1220(codeword.SAND_AIRDEF.is.the.TOP-SECRET.DESERT_STORM.air.defense.project)S
720 H
1788 V
720(The)S
908(association)S
1385(of)S
1501(sensitivity)S
1946(and)S
2123(information)S
2628(labels)S
2894(with)S
3105(directory)S
3498(\256le)S
3659(name)S
3908(entries)S
4207(provides)S
4584(the)S
4740(support)S
720 H
1908 V
720(necessary)S
1137(to)S
1245(protect)S
1552(the)S
1704(use)S
1867(of)S
1980(classi\256ed)S
2382(\256le)S
2540(names.)S
720 H
2148 V
10 B
720(3.4.)S
930(Additional)S
1417(MLS)S
1664(Extensions)S
2156(for)S
2313(NFS)S
720 H
2304 V
10 R
720(In)S
833(an)S
957(MLS)S
1193(environment,)S
1753(both)S
1961(DAC)S
2202(and)S
2377(MAC)S
2636(access)S
2921(control)S
3235(policies)S
3577(are)S
3729(applied)S
4054(in)S
4163(determining)S
4677(access)S
4962(to)S
720 H
2424 V
720(a)S
820(given)S
1098(object.)S
1453(In)S
1592(a)S
1692(network)S
2075(environment)S
2636(of)S
2775(MLS)S
3036(systems)S
3408(participating)S
3968(in)S
4101(TNFS)S
4401(\256le)S
4584(access,)S
4918(the)S
720 H
2544 V
720(AUTH_MLS)S
1285(credential)S
1710(permits)S
2042(a)S
2118(TNFS)S
2396(server)S
2672(to)S
2783(apply)S
3038(both)S
3249(DAC)S
3493(and)S
3670(MAC)S
3931(policies)S
4275(in)S
4386(consideration)S
4957(of)S
720 H
2664 V
720(a)S
795(request)S
1114(from)S
1339(a)S
1414(remote)S
1722(NFS)S
1937(client)S
2190(subject.)S
2559(Thus,)S
2815(MLS)S
3052(based)S
3310(network)S
3667(\256le)S
3825(access)S
4109(using)S
4356(the)S
4508(NFS)S
4722(V2)S
4874(pro-)S
720 H
2784 V
720(tocol)S
950(can)S
1118(be)S
1242(supported)S
1666(through)S
2007(the)S
2159(use)S
2322(of)S
2435(the)S
2587(AUTH_MLS)S
3150(credential)S
3573(as)S
3686(described.)S
720 H
2940 V
720(Listing)S
1040(or)S
1159(modifying)S
1612(the)S
1770(DAC)S
2017(and)S
2198(MAC)S
2463(security)S
2816(attributes)S
3225(of)S
3345(a)S
3426(server's)S
3778(\256le)S
3943(or)S
4063(\256le)S
4228(name)S
4481(from)S
4712(a)S
4793(client,)S
720 H
3060 V
720(however,)S
1123(requires)S
1479(additional)S
1914(protocol)S
2282(extensions.)S
2794(Identifying)S
3273(additional)S
3708(security)S
4058(access)S
4346(restrictions)S
4824(when)S
720 H
3180 V
720(a)S
802(request)S
1128(is)S
1233(made)S
1488(to)S
1605(open)S
1838(a)S
1921(remote)S
2237(\256le)S
2404(is)S
2510(also)S
2710(considered)S
3181(to)S
3298(be)S
3431(a)S
3514(requirement.)S
4090(Extensions)S
4568(designed)S
4962(to)S
720 H
3300 V
720(satisfy)S
1011(these)S
1246(requirements)S
1797(are)S
1948(addressed)S
2371(by)S
2501(TNFS,)S
2801(and)S
2975(are)S
3126(described)S
3538(in)S
3646(the)S
3798(next)S
4000(subsections.)S
720 H
3540 V
10 B
720(3.4.1.)S
1005(Remote)S
1361(Access)S
1673(to)S
1786(Extended)S
2222(File)S
2413(Attributes)S
720 H
3732 V
10 R
720(The)S
907(DAC)S
1150(and)S
1326(MAC)S
1586(security)S
1934(attribute)S
2299(information)S
2803(includes)S
3168(MAC)S
3428(and)S
3604(information)S
4108(labels,)S
4399(and)S
4576(access)S
4863(con-)S
720 H
3852 V
720(trol)S
894(list)S
1052(information)S
1559(\(ACLs\).)S
1954(Supporting)S
2434(remote)S
2746(access)S
3034(to)S
3146(this)S
3325(information)S
3831(is)S
3932(more)S
4171(di)S
4249 H
	(f)show 10 -.5 mul h (\256)show
10 R
4333(cult)S
4517(to)S
4629(address)S
4962(in)S
720 H
3972 V
720(the)S
872(network)S
1229(environment,)S
1789(since:)S
720 H
4128 V
970(o)S
1220(it)S
1326(requires)S
1697(transmitting)S
2231(additional)S
2681(\256le)S
2859(security)S
3225(attribute)S
3608(information)S
4130(\(or)S
4296(its)S
4442(representation\))S
720 H
4248 V
1220("over)S
1468(the)S
1620(wire",)S
1893(and)S
720 H
4404 V
970(o)S
1220(additional)S
1650(\256le)S
1808(attribute)S
2171(information)S
2673(cannot)S
2969(be)S
3094(accommodated)S
3729(in)S
3838(the)S
3991(existing)S
4339(NFS)S
4554(V2)S
4707(protocol)S
720 H
4524 V
1220(\256le)S
1388(attribute)S
1761(data)S
1967(structures;)S
2423(additional)S
2863(support)S
3203(for)S
3358(setting)S
3664(and)S
3847(getting)S
4164(the)S
4325(extended)S
4724(security)S
720 H
4644 V
1220(attributes)S
1622(is)S
1719(required)S
720 H
4800 V
720(Thus,)S
978(extensions)S
1433(to)S
1544(the)S
1699(NFS)S
1916(V2)S
2071(protocol)S
2437(procedures)S
2907(have)S
3128(been)S
3350(de\256ned)S
3678(to)S
3790(support)S
4124(access)S
4412(to)S
4524(the)S
4680(extended)S
720 H
4920 V
720(attributes)S
1124(of)S
1239(served)S
1531(\256les)S
1730(and)S
1906(\256le)S
2066(names.)S
2378(The)S
2565(complete)S
2963(set)S
3106(of)S
3221(NFS)S
3437(protocol)S
3801(procedures)S
4269(and)S
4444(security)S
4791(exten-)S
720 H
5040 V
720(sions)S
956(are)S
1107(referred)S
1451(to)S
1559(in)S
1667(this)S
1842(document)S
2266(as)S
2379(the)S
2531(TNFS)S
2806(protocol.)S
720 H
5280 V
10 B
720(3.4.2.)S
1005(File)S
1196(Open)S
1460(Enhancement)S
720 H
5436 V
10 R
720(Using)S
993(the)S
1149(NFS)S
1367(V2)S
1523(protocol,)S
1915(a)S
1993(client)S
2249(request)S
2571(to)S
10 I
2683(open)S
2911(\(2\))S
10 R
3061(a)S
3139(remote)S
3450(\256le)S
3612(on)S
3746(the)S
3903(server)S
4181(may)S
4388(be)S
4517(translated)S
4940(by)S
720 H
5556 V
720(the)S
877(client)S
1134(into)S
1325(a)S
1404(GETATTR)S
1894(procedure)S
2327(call)S
2506(for)S
2657(the)S
2815(current)S
3133(directory)S
5524 V
8 R
3493(6)S
5556 V
10 R
3533(,)S
3594(followed)S
3985(by)S
4121(a)S
4201(LOOKUP)S
4642(procedure)S
720 H
5676 V
720(call)S
899(for)S
1049(the)S
1205(\256le)S
1367(to)S
1479(be)S
1607(opened.)S
1954(If)S
2054(valid)S
2288(responses)S
2710(from)S
2938(these)S
3177(procedure)S
3609(calls)S
3826(are)S
3981(returned,)S
4372(the)S
4528(client's)S
4856(NFS)S
720 H
5796 V
720(\256le)S
878(attribute)S
1241(cache)S
1497(is)S
1594(updated,)S
1965(and)S
2139(an)S
2263(open)S
2487(\256le)S
2645(descriptor)S
3074(may)S
3276(be)S
3400(returned)S
3762(to)S
3870(the)S
4022(requesting)S
4468(application.)S
720 H
5952 V
720(Since)S
986(the)S
1152(NFS)S
1380(V2)S
1546(protocol)S
1923(does)S
2150(not)S
2322(transmit)S
2694(an)S
2832(actual)S
3114(open)S
3352(request)S
3684(to)S
3806(the)S
3972(server,)S
4284(however,)S
4696(an)S
4834(MLS)S
720 H
6072 V
720(server)S
1002(will)S
1197(not)S
1364(be)S
1497(able)S
1702(to)S
1819(apply)S
2080(the)S
2241(appropriate)S
2734(DAC)S
2984(and)S
3167(MAC)S
3434(policy)S
3723(at)S
3834(the)S
3995(time)S
4212(of)S
4334(the)S
4495(open)S
4727(request,)S
720 H
6192 V
720(and)S
897(the)S
1052(application)S
1530(may)S
1736(\256nd)S
1926(that)S
2110(it)S
2200(has)S
2367(successfully)S
2889(opened)S
3211(the)S
3367(\256le,)S
3554(but)S
3716(that)S
3900(it)S
3990(cannot)S
4290(access)S
4578(the)S
4734(\256le)S
4896(due)S
720 H
6312 V
720(to)S
852(stronger)S
1233(access)S
1541(control)S
1878(policies)S
2243(being)S
2518(applied)S
2865(by)S
3018(the)S
3193(server)S
3489(in)S
3620(response)S
4022(to)S
4153(speci\256c)S
4511(client)S
4786(access)S
720 H
6432 V
720(requests.)S
720 H
6588 V
720(An)S
10 I
881(access)S
10 R
1180(protocol)S
1552(procedure)S
1989(would)S
2278(permit)S
2578(the)S
2739(client)S
3000(to)S
3117(determine)S
3555(whether)S
3915(access)S
4208(to)S
4326(the)S
4488(\256le)S
4656(would)S
4946(be)S
5139(|)S
720 H
6708 V
720(supported)S
1145(by)S
1276(the)S
1429(server,)S
1728(based)S
1986(on)S
2117(the)S
2270(application's)S
2817(open)S
3042(request)S
3361(type)S
3564(and)S
3739(the)S
3892(associated)S
4333(extended)S
4724(security)S
720 H
6828 V
720(attribute)S
1102(information.)S
1678(An)S
10 I
1849(ACCESS)S
10 R
2254(TNFS)S
2548(protocol)S
2930(procedure)S
3378(has)S
3561(been)S
3799(de\256ned)S
4143(to)S
4271(address)S
4620(this)S
4815(issue.)S
5139(|)S
720 H
6948 V
720(Thus,)S
977(if)S
1070(\256le)S
1229(attributes)S
1632(are)S
1784(being)S
2037(cached)S
2344(on)S
2475(the)S
2628(client,)S
2906(and)S
3081(the)S
3234(security)S
3581(attributes)S
3984(of)S
4098(a)S
4173(client)S
4426(process)S
4756(issuing)S
5139(|)S
720 H
7048 V
8 Y1
720(333333333333333333)S
720 H
7142 V
6 R
820(6)S
7166 V
8 R
890(Depends)S
1193(on)S
1297(the)S
1418(presence)S
1719(of)S
1809(valid)S
1992(attributes)S
2311(in)S
2397(the)S
2518(lookup)S
2764(cache)S
2968(\(DNLC\).)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4700([Page 4])S
7920 V
EP
%%Page: 5 5
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(a)S
801(request)S
1126(to)S
1241(open)S
1472(a)S
1553(remote)S
1867(\256le)S
2032(have)S
2257(been)S
2482(modi\256ed)S
2875(since)S
3117(the)S
3276(last)S
3452(time)S
3667(it)S
3760(issued)S
4047(an)S
4178(open)S
4410(request)S
4736(for)S
4890(that)S
5139(|)S
720 H
960 V
720(\256le,)S
915(then)S
1129(an)S
10 I
1265(ACCESS)S
10 R
1663(procedure)S
2103(call)S
2289(shall)S
2520(be)S
2656(made)S
2914(to)S
3034(the)S
3198(server)S
3483(to)S
3603(revalidate)S
4038(the)S
4202(access)S
4497(rights)S
4766(of)S
4890(that)S
5139(|)S
720 H
1080 V
720(client)S
972(process.)S
720 H
1320 V
10 B
720(3.4.3.)S
1005(File)S
1196(Name)S
1475(Enhancement)S
720 H
1476 V
10 R
720(Supporting)S
1200(the)S
1357(retrieval)S
1725(of)S
1844(the)S
2002(security)S
2354(attributes)S
2762(associated)S
3208(with)S
3422(each)S
3640(\256le)S
3804(name)S
4056(requires)S
4413(an)S
4543(extension)S
4962(to)S
5139(|)S
720 H
1596 V
720(the)S
902(directory)S
1322(result)S
1604(structure)S
2013(returned)S
2405(by)S
2565(the)S
2747(NFS)S
2991(directory)S
3410(procedures:)S
3934(LOOKUP,)S
4423(CREATE,)S
4896(and)S
5139(|)S
720 H
1716 V
720(MKDIR.)S
1108(This)S
1316(data)S
1512(structure)S
1891(extension)S
2304(is)S
2401(de\256ned)S
2725(in)S
2833(section)S
3146(3.4.5.1.)S
720 H
1872 V
720(The)S
911(ability)S
1203(to)S
1317(modify)S
1642(\256le)S
1806(name)S
2058(security)S
2410(attributes)S
2818(independently)S
3420(from)S
3650(\256le)S
3814(data)S
4016(security)S
4368(attributes)S
4776(is)S
4879(also)S
5139(|)S
720 H
1992 V
720(required.)S
1137(A)S
1239(new)S
1435(TNFS)S
1710(procedure,)S
10 I
2163(SETLABEL)S
10 R
2625(,)S
2680(has)S
2843(been)S
3061(de\256ned)S
3385(to)S
3493(support)S
3823(this)S
3998(capability.)S
720 H
2232 V
10 B
720(3.4.4.)S
1005(MultiLevel)S
1507(Directory)S
1946(Enhancement)S
720 H
2388 V
10 R
720(Directories)S
1194(are)S
1346(\256les)S
1544(which)S
1819(contain)S
2144(\256le)S
2303(names)S
2589(and)S
2764(pointers)S
3117(to)S
3226(the)S
3379(data)S
3577(associated)S
4019(with)S
4229(the)S
4383(\256le)S
4543(names.)S
4885(The)S
720 H
2508 V
720(\256les)S
923(contained)S
1347(in)S
1461(a)S
1541(directory)S
1936(include)S
2265(both)S
2478(regular)S
2795(\256les)S
2997(as)S
3115(well)S
3322(as)S
3440(other)S
3680(subdirectory)S
4214(\256les.)S
4441(Directories)S
4919(are)S
720 H
2628 V
720(used)S
933(to)S
1041(group)S
1304(\256les,)S
1526(and)S
1700(to)S
1808(support)S
2138(the)S
2290(\256le)S
2448(system)S
2756(hierarchy.)S
720 H
2784 V
720(In)S
846(an)S
983(MLS)S
1232(environment,)S
1805(\256les)S
2015(and)S
2203(directories)S
2668(are)S
2833(labeled)S
3165(with)S
3387(speci\256c)S
3736(classi\256cations;)S
4369(security)S
4729(policies)S
720 H
2904 V
720(limit)S
953(the)S
1118(access)S
1415(of)S
1541(a)S
1628(given)S
1893(\256le)S
2064(to)S
2184(a)S
2270(user)S
2478(with)S
2698(a)S
2784(classi\256cation)S
3348(which)S
3634(dominates)S
4087(the)S
4251(\256le's)S
4493(classi\256cation.)S
720 H
3024 V
720(MLS)S
962(implementations)S
1665(must)S
1896(continue)S
2276(to)S
2390(maintain)S
2776(the)S
2934(basic)S
3175(\256le)S
3339(system)S
3654(directory)S
4051(hierarchy,)S
4489(and)S
4670(also)S
4868(sup-)S
5139(|)S
720 H
3144 V
720(port)S
922(the)S
1085(MLS)S
1332(access)S
1627(policies.)S
2034(They)S
2280(must)S
2516(support)S
2857(the)S
3020(creation,)S
3406(storage,)S
3759(and)S
3943(access)S
4237(of)S
4360(\256les)S
4567(and)S
4751(data)S
4957(of)S
720 H
3264 V
720(di)S
798 H
	(f)show 10 -.5 mul h (f)show
10 R
859(erent)S
1094(security)S
1446(classi\256cations,)S
2069(and)S
2250(also)S
2448(provide)S
2790(some)S
3038(accommodation)S
3713(for)S
3866(the)S
4025(use)S
4195(of)S
4315(commonly)S
4780(shared)S
720 H
3384 V
720(directories,)S
1196(such)S
1409(as)S
10 I
1522(/tmp)S
10 R
1730(and)S
10 I
1904(/usr/tmp)S
10 R
2238(.)S
720 H
3540 V
720(One)S
920(implementation)S
1582(approach)S
1981(is)S
2082(to)S
2194(use)S
2361(\256le)S
2524(name)S
2775(security)S
3126(attributes,)S
3558(as)S
3676(described)S
4093(previously.)S
4605(The)S
4795(TNFS)S
5139(|)S
720 H
3660 V
720(\256le)S
884(name)S
1136(attributes)S
1544(and)S
10 I
1724(SETLABEL)S
10 R
2222(procedure)S
2656(support)S
2992(this)S
3173(approach.)S
3629(An)S
3787(alternative)S
4244(is)S
4347(to)S
4460(create)S
4732(a)S
4811(set)S
4957(of)S
720 H
3780 V
720(diversion)S
1123(directories)S
1575(below)S
1850(the)S
2003(actual)S
2272(MultiLevel)S
2753(Directory.)S
3221(Each)S
3451(diversion)S
3854(directory)S
4245(is)S
4344(associated)S
4786(with)S
4996(a)S
5139(|)S
720 H
3900 V
720(speci\256c)S
1062(classi\256cation)S
1621(level,)S
1877(and)S
2058(user)S
2261(access)S
2552(is)S
2656(directed)S
3014(into)S
3206(the)S
3364(appropriate)S
3854(diversion)S
4262(directory)S
4658(in)S
4772(a)S
4852(tran-)S
720 H
4020 V
720(sparent,)S
1072(pass-through)S
1627(manner.)S
1990(The)S
2184(TNFS)S
10 I
2468(MLD)S
10 R
2719(procedure)S
3157(supports)S
3536(diversion)S
3948(directory)S
4348(implementations.)S
5139(|)S
720 H
4140 V
720(Additional)S
1178(information)S
1680(is)S
1777(provided)S
2162(in)S
2270([4].)S
720 H
4380 V
10 B
720(3.4.5.)S
1005(TNFS)S
1291(Protocol)S
1681(Extensions)S
720 H
4536 V
10 R
720(Extensions)S
1194(to)S
1308(the)S
1466(NFS)S
1686(V2)S
1844(protocol)S
2213(are)S
2370(de\256ned)S
2700(in)S
2814(this)S
2995(section)S
3314(of)S
3433(the)S
3591(speci\256cation.)S
4187(These)S
4461(extensions)S
4919(are)S
720 H
4656 V
720(designed)S
1106(to)S
1215(support)S
1546(remote)S
1853(access)S
2137(to)S
2245(the)S
2397(security)S
2743(\256le)S
2901(attribute)S
3264(extensions,)S
3741(and)S
3915(to)S
4023(support)S
4353(the)S
4505(\256le)S
4663(open,)S
4912(\256le)S
720 H
4776 V
720(name,)S
991(and)S
1165(MultiLevel)S
1645(Directory)S
2057(enhancements.)S
720 H
5016 V
10 B
720(3.4.5.1.)S
1080(Data)S
1315(Structure)S
1755(De\256nitions)S
720 H
5172 V
10 R
720(The)S
908(de\256nitions)S
1364(which)S
1641(support)S
1974(the)S
2129(MLS)S
2368(extensions)S
2823(are)S
2977(described)S
3392(in)S
3504(this)S
3683(section.)S
4055(Since)S
4311(the)S
4467(de\256nitions)S
4924(for)S
720 H
5292 V
720(the)S
875(TNFS)S
1153(protocol)S
1519(are)S
1673(an)S
1800(extension)S
2216(of)S
2332(the)S
2487(original)S
2831(NFS)S
3048(V2)S
3203(protocol,)S
3594(this)S
3772(speci\256cation)S
4310(will)S
4499(include)S
4825(all)S
4957(of)S
720 H
5412 V
720(the)S
873(extended)S
1264(data)S
1461(structure)S
1841(de\256nitions,)S
2320(and)S
2495(a)S
2570(few)S
2750(of)S
2864(the)S
3017(original)S
3359(de\256nitions)S
3813(for)S
3960(clarity.)S
4271(Note)S
4496(that)S
4677(the)S
4830(argu-)S
720 H
5532 V
720(ments)S
989(and)S
1163(results)S
1454(are)S
1605(de\256ned)S
1929(using)S
2176(the)S
2328(RPC)S
2548(language.)S
720 H
5688 V
720(The)S
906(following)S
1326(RPC)S
1547(constants)S
1951(are)S
2104(used)S
2319(to)S
2429(identify)S
2772(the)S
2926(TNFS)S
3203(extensions)S
3657(which)S
3933(support)S
4265(MLS)S
4503(security)S
4851(poli-)S
720 H
5808 V
720(cies.)S
970(The)S
1165(TNFS)S
1450(program)S
1828(will)S
2024(be)S
2158(registered)S
2591(as)S
2714(a)S
2798(separate)S
3164(service)S
3487(with)S
3706(the)S
3869(RPC)S
4100(port)S
4302(mapping)S
4693(service.)S
5776 V
8 R
5000(7)S
720 H
5928 V
10 R
720(Registration)S
1242(as)S
1358(a)S
1435(di)S
1513 H
	(f)show 10 -.5 mul h (f)show
10 R
1574(erent)S
1806(service)S
2121(distinguishes)S
2677(the)S
2832(TNFS)S
3109(service)S
3423(from)S
3649(the)S
3803(original)S
4146(NFS)S
4362(V2)S
4516(service.)S
4885(The)S
720 H
6048 V
720(use)S
883(of)S
996(a)S
1070(di)S
1148 H
	(f)show 10 -.5 mul h (f)show
10 R
1209(erent)S
1438(version)S
1762(number)S
2097(distinguishes)S
2650(each)S
2862(request/response)S
3557(message.)S
720 H
6324 V
970(PROGRAM)S
1495(390086)S
1855(/*)S
1963(TNFS)S
2238(Program)S
2612(Number)S
2969(*/)S
720 H
6444 V
970(VERSION)S
1583(1)S
1693(/*)S
1801(TNFS)S
2076(Version)S
2422(1)S
2502(*/)S
720 H
6720 V
720(The)S
10 B
915(stat)S
10 R
1110(type)S
1322(is)S
1429(returned)S
1801(from)S
2035(every)S
2296(procedure)S
2734(call.)S
2973(A)S
3085(value)S
3341(of)S
3464(NFS_OK)S
3882(indicates)S
4277(the)S
4439(call)S
4624(completed)S
720 H
6840 V
720(successfully.)S
1271(Other)S
1536(values)S
1829(indicate)S
2183(that)S
2371(an)S
2502(error)S
2732(occurred)S
3117(during)S
3415(the)S
3574(servicing)S
3977(of)S
4097(the)S
4256(request.)S
4636(Note:)S
4895(this)S
720 H
6940 V
8 Y1
720(333333333333333333)S
720 H
7034 V
6 R
820(7)S
7058 V
8 R
890(TNFS)S
1124(server)S
1355(implementations)S
1923(may)S
2098(elect)S
2285(to)S
2385(share)S
2590(a)S
2663(common)S
2980(UDP)S
3179([13])S
3349(port)S
3515(number)S
3796(with)S
3976(the)S
4111(original)S
4396(NFS)S
4582(V2)S
720 H
7158 V
720(service,)S
988(or)S
1078(to)S
1164(make)S
1360(use)S
1490(of)S
1580(a)S
1639(di)S
1701 H
	(f)show 8 -.5 mul h (f)show
8 R
1750(erent)S
1932(port)S
2084(number.)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4700([Page 5])S
7920 V
EP
%%Page: 6 6
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(structure)S
1101(is)S
1200(unchanged)S
1664(from)S
1890(the)S
2044(NFS)S
2261(V2)S
2416(Protocol)S
2788(Speci\256cation.)S
3398(It)S
3492(is)S
3592(\(partially\))S
4024(reproduced)S
4505(here)S
4709(for)S
4858(clar-)S
720 H
960 V
720(ity.)S
720 H
1236 V
10 B
970(stat)S
720 H
1392 V
10 R
970(enum)S
1222(stat)S
1391({)S
720 H
1512 V
1220(NFS_OK)S
1628(=)S
1714(0,)S
720 H
1632 V
1220(NFSERR_PERM)S
1952(=)S
2038(1,)S
720 H
1752 V
1210(NFSERR_NOENT)S
2007(=)S
2093(2,)S
720 H
1872 V
1210(.)S
1265(.)S
1320(.)S
720 H
1992 V
1210([other)S
1478(NFS)S
1692(errors)S
1954(as)S
2067(de\256ned)S
2391(in)S
2499(the)S
2651(V2)S
2803(protocol)S
3166(speci\256cation])S
720 H
2112 V
970(};)S
720 H
2388 V
720(The)S
923(credential)S
1364(parameter)S
1810(is)S
1925(included)S
2317(in)S
2444(each)S
2675(RPC)S
2914(request)S
3251(message,)S
3663(and)S
3856(is)S
3972(used)S
4204(to)S
4331(supply)S
4647(the)S
4818(client)S
720 H
2508 V
720(subject's)S
1117(credentials)S
1591(to)S
1711(the)S
1875(server.)S
2214(The)S
2410(AUTH_MLS)S
2984(credential)S
3418(will)S
3615(be)S
3750(used)S
3974(with)S
4193(the)S
4356(TNFS)S
4642(procedure)S
720 H
2628 V
720(calls)S
933(and)S
1107(is)S
1204(de\256ned)S
1528(as)S
1641(follows:)S
720 H
2904 V
970(#de\256ne)S
1294(AUTH_MLS)S
1857(200000)S
2307(/*)S
2415(decimal)S
2761(*/)S
720 H
3060 V
970(#de\256ne)S
1294(MLS_TOKEN_SIZE)S
2179(4)S
2349(/*)S
2457(4)S
2537(octets)S
2800(or)S
2913(32)S
3043(bits)S
3218(*/)S
720 H
3216 V
970(typedef)S
1299(opaque)S
1617(t_token[MLS_TOKEN_SIZE];)S
2896(/*)S
3004(tokens)S
3295(are)S
3446(opaque)S
3764(*/)S
720 H
3372 V
970(struct)S
1222(authmls_cred)S
1790({)S
720 H
3492 V
1210(u_long)S
1548(auc_stamp;)S
2273(/*)S
2381(arbitrary)S
2754(ID)S
2889(*/)S
720 H
3612 V
1210(char)S
1501(auc_machname<255>;)S
2441(/*)S
2549(machine)S
2917(name)S
3163(*/)S
720 H
3732 V
1210(u_long)S
1548(auc_uid;)S
2222(/*)S
2330(e)S
2374 H
	(f)show 10 -.5 mul h (f)show
10 R
2435(ective)S
2703(uid)S
2861(*/)S
720 H
3852 V
1210(u_long)S
1548(auc_gid;)S
2222(/*)S
2330(e)S
2374 H
	(f)show 10 -.5 mul h (f)show
10 R
2435(ective)S
2703(gid)S
2861(*/)S
720 H
3972 V
1210(u_long)S
1548(auc_len;)S
2216(/*)S
2324(len)S
2476(of)S
2589(groups)S
2891(list)S
3044(*/)S
720 H
4092 V
1210(u_long)S
1548(auc_gids<24>;)S
2323(/*)S
2431(groups)S
2733(*/)S
720 H
4212 V
1210(u_long)S
1548(auc_aid;)S
2216(/*)S
2324(audit)S
2554(id)S
2662(*/)S
720 H
4332 V
1210(t_token)S
1540(auc_privs;)S
2226(/*)S
2334(subject)S
2647(privileges)S
3071(token)S
3323(*/)S
720 H
4452 V
1210(t_token)S
1540(auc_sens;)S
2228(/*)S
2336(sensitivity)S
2778(token)S
3030(*/)S
720 H
4572 V
1210(t_token)S
1540(auc_info;)S
2217(/*)S
2325(information)S
2827(token)S
3079(*/)S
720 H
4692 V
1210(t_token)S
1540(auc_integ;)S
2226(/*)S
2334(integrity)S
2703(token)S
2955(*/)S
720 H
4812 V
1210(t_token)S
1540(auc_vend;)S
2250(/*)S
2358(vendor)S
2665(speci\256c)S
3000(policy)S
3280(token)S
3532(*/)S
720 H
4932 V
970(};)S
720 H
5208 V
970(Note)S
1208(that)S
1402(if)S
1507(a)S
1595(given)S
1861(security)S
2221(attribute)S
2599(is)S
2711(not)S
2884(being)S
3151(exchanged,)S
3647(then)S
3864(the)S
4031(corresponding)S
4647(credential)S
720 H
5328 V
970(token)S
1227(value)S
1478(shall)S
1702(be)S
1831(set)S
1977(to)S
2090("all)S
2266(bits)S
2446(on".)S
2677(A)S
2784(given)S
3041(security)S
3392(policy)S
3677(may)S
3883(require)S
4199(that)S
4383(only)S
4595(a)S
4673(subset)S
4957(of)S
720 H
5448 V
970(the)S
1127(security)S
1478(attributes)S
1885(provided)S
2275(for)S
2426(in)S
2539(this)S
2719(speci\256cation)S
3259(be)S
3389(exchanged.)S
3906(For)S
4081(example,)S
4480(a)S
4560(C2)S
4713(network)S
720 H
5568 V
970(security)S
1317(policy)S
1598(requires)S
1950(the)S
2103(support)S
2434(of)S
2548(privileges,)S
2998(and)S
3173(might)S
3438(also)S
3630(require)S
3943(support)S
4274(for)S
4421(Access)S
4734(Control)S
720 H
5688 V
970(Lists)S
1200(\(ACLs\).)S
1595(In)S
1713(that)S
1898(case,)S
2129(the)S
2287(sensitivity,)S
2760(information,)S
3293(integrity,)S
3693(and)S
3873(vendor)S
4186(speci\256c)S
4527(token)S
4785(values)S
720 H
5808 V
970(shall)S
1189(be)S
1313(set)S
1454(to)S
1562("all)S
1733(bits)S
1908(on")S
2079(in)S
2187(the)S
2339(exchange)S
2745(messages.)S
720 H
6084 V
720(The)S
10 B
911(fattr)S
10 R
1140(structure)S
1525(de\256nes)S
1844(the)S
2002(complete)S
2404(set)S
2551(of)S
2670(\256le)S
2834(attributes)S
3242(of)S
3361(a)S
3441(\256le.)S
3630(The)S
3822(extended)S
10 B
4219(fattr)S
10 R
4449(structure)S
4835(com-)S
720 H
6204 V
720(bines)S
967(the)S
1125(NFS)S
1345(V2)S
10 B
1503(fattr)S
10 R
1732(structure)S
2117(with)S
2331(additional)S
2767(\256elds)S
3020(for)S
3172(a)S
3252(\256le's)S
3488(security)S
3840(attributes.)S
4303(The)S
4494(security)S
4846(attri-)S
720 H
6324 V
720(butes)S
961(are)S
1112(represented)S
1601(by)S
1731(tokens.)S
720 H
6600 V
970(struct)S
1222(fattr)S
1418({)S
720 H
6720 V
1210(ftype)S
1505(type;)S
1885(/*)S
1993(\256le)S
2151(type)S
2353(*/)S
720 H
6840 V
1210(u_long)S
1548(mode;)S
1978(/*)S
2086(encoded)S
2448(access)S
2732(mode)S
2984(*/)S
720 H
6960 V
1210(u_long)S
1548(nlink;)S
1932(/*)S
2040(number)S
2375(of)S
10 I
2488(hard)S
10 R
2707(links)S
2932(*/)S
720 H
7080 V
1210(u_long)S
1548(uid;)S
1914(/*)S
2022(\256le's)S
2252(owner)S
2531(id)S
2639(*/)S
720 H
7200 V
1210(u_long)S
1548(gid;)S
1914(/*)S
2022(\256le's)S
2252(group)S
2515(id)S
2623(*/)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4700([Page 6])S
7920 V
EP
%%Page: 7 7
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
1210(u_long)S
1548(size;)S
1911(/*)S
2019(\256le)S
2177(size)S
2362(in)S
2470(bytes)S
2711(*/)S
720 H
960 V
1210(u_long)S
1548(blocksize;)S
1983(/*)S
2091(number)S
2426(bytes/block)S
2917(*/)S
720 H
1080 V
1210(u_long)S
1548(rdev;)S
1933(/*)S
2041(device)S
2331(number)S
2666(of)S
2779(the)S
2931(\256le)S
3089(*/)S
720 H
1200 V
1210(u_long)S
1548(blocks;)S
1957(/*)S
2065(current)S
2377(number)S
2712(of)S
2825(blocks)S
3116(*/)S
720 H
1320 V
1210(u_long)S
1548(fsid;)S
1906(/*)S
2014(\256le)S
2172(system)S
2480(id)S
2588(*/)S
720 H
1440 V
1210(u_long)S
1548(\256leid;)S
1902(/*)S
2010(unique)S
2312(\256le)S
2470(identi\256er)S
2861(*/)S
720 H
1560 V
1210(timeval)S
1540(atime;)S
1940(/*)S
2048(time)S
2256(of)S
2369(\256le's)S
2599(last)S
2768(access)S
3052(*/)S
720 H
1680 V
1210(timeval)S
1540(mtime;)S
1974(/*)S
2082(time)S
2290(last)S
2459(modi\256ed)S
2845(\(written\))S
3224(*/)S
720 H
1800 V
1210(timeval)S
1540(ctime;)S
1940(/*)S
2048(time)S
2256(of)S
2369(last)S
2538(attribute)S
2901(change)S
3213(*/)S
720 H
1920 V
1210(t_token)S
1540(privs;)S
1918(/*)S
2026(\256le)S
2184(privileges)S
2608(token)S
2860(*/)S
720 H
2040 V
1210(t_token)S
1540(sens;)S
1920(/*)S
2028(sensitivity)S
2470(token)S
2722(*/)S
720 H
2160 V
1210(t_token)S
1540(info;)S
1909(/*)S
2017(information)S
2519(token)S
2771(*/)S
720 H
2280 V
1210(t_token)S
1540(integ;)S
1918(/*)S
2026(integrity)S
2395(token)S
2647(*/)S
720 H
2400 V
1210(t_token)S
1540(acl;)S
1894(/*)S
2002(access)S
2286(control)S
2599(list)S
2752(token)S
3004(*/)S
720 H
2520 V
1210(t_token)S
1540(vend;)S
1942(/*)S
2050(vendor)S
2357(speci\256c)S
2692(policy)S
2972(token)S
3224(*/)S
720 H
2640 V
970(};)S
720 H
2916 V
970(Note)S
1201(that)S
1388(if)S
1486(a)S
1567(given)S
1826(security)S
2179(attribute)S
2549(is)S
2653(not)S
2818(being)S
3077(exchanged,)S
3565(then)S
3774(the)S
3933(corresponding)S
4541(\256le)S
4707(attribute)S
720 H
3036 V
970(token)S
1222(value)S
1468(shall)S
1687(be)S
1811(set)S
1952(to)S
2060("all)S
2231(bits)S
2406(on".)S
720 H
3192 V
720(The)S
10 B
911(sattr)S
10 R
1146(structure)S
1531(de\256nes)S
1850(the)S
2008(\256le)S
2172(attributes)S
2580(which)S
2860(can)S
3035(be)S
3166(set)S
3314(from)S
3545(the)S
3704(client.)S
3988(The)S
4180(extended)S
10 B
4577(sattr)S
10 R
4813(struc-)S
720 H
3312 V
720(ture)S
922(combines)S
1352(the)S
1521(NFS)S
1752(V2)S
10 B
1921(sattr)S
10 R
2166(structure)S
2561(with)S
2785(additional)S
3231(\256elds)S
3494(for)S
3656(the)S
3824(security)S
4186(attributes,)S
4629(which)S
4919(are)S
720 H
3432 V
720(represented)S
1209(by)S
1339(tokens.)S
1685(A)S
1787(token)S
2039(value)S
2285(of)S
2398("all)S
2569(bits)S
2744(on")S
2915(indicates)S
3300(that)S
3480(the)S
3632(token)S
3884(\256eld)S
4092(is)S
4189(to)S
4297(be)S
4421(ignored.)S
720 H
3708 V
970(struct)S
1222(sattr)S
1424({)S
720 H
3828 V
1210(u_long)S
1548(mode;)S
1918(/*)S
2026(encoded)S
2388(access)S
2672(mode)S
2924(*/)S
720 H
3948 V
1210(u_long)S
1548(uid;)S
1854(/*)S
1962(\256le's)S
2192(owner)S
2471(id)S
2579(*/)S
720 H
4068 V
1210(u_long)S
1548(gid;)S
1854(/*)S
1962(\256le's)S
2192(group)S
2455(id)S
2563(*/)S
720 H
4188 V
1210(u_long)S
1548(size;)S
1851(/*)S
1959(\256le)S
2117(size)S
2302(in)S
2410(bytes)S
2651(*/)S
720 H
4308 V
1210(timeval)S
1540(atime;)S
1880(/*)S
1988(last)S
2157(access)S
2441(time)S
2649(*/)S
720 H
4428 V
1210(timeval)S
1540(mtime;)S
1914(/*)S
2022(last)S
2191(data)S
2387(modify)S
2706(time)S
2914(*/)S
720 H
4548 V
1210(t_token)S
1540(privs;)S
1858(/*)S
1966(\256le)S
2124(privileges)S
2548(token)S
2800(*/)S
720 H
4668 V
1210(t_token)S
1540(sens;)S
1860(/*)S
1968(sensitivity)S
2410(token)S
2662(*/)S
720 H
4788 V
1210(t_token)S
1540(info;)S
1849(/*)S
1957(information)S
2459(token)S
2711(*/)S
720 H
4908 V
1210(t_token)S
1540(integ;)S
1858(/*)S
1966(integrity)S
2335(token)S
2587(*/)S
720 H
5028 V
1210(t_token)S
1540(acl;)S
1834(/*)S
1942(access)S
2226(control)S
2539(list)S
2692(token)S
2944(*/)S
720 H
5148 V
1210(t_token)S
1540(vend;)S
1882(/*)S
1990(vendor)S
2297(speci\256c)S
2632(policy)S
2912(token)S
3164(*/)S
720 H
5268 V
970(};)S
720 H
5544 V
720(The)S
10 B
921(sattrargs)S
10 R
1349(structure)S
1744(is)S
1857(used)S
2086(by)S
2232(the)S
2400(SETATTR)S
2885(procedure.)S
3384(It)S
3491(contains)S
3870(the)S
4038(extended)S
10 B
4445(sattr)S
10 R
4691(structure)S
720 H
5664 V
720(de\256nition.)S
720 H
5940 V
970(struct)S
1222(sattrargs)S
1590({)S
720 H
6060 V
1090(fhandle)S
1419(\256le;)S
720 H
6180 V
1090(sattr)S
1292(attributes;)S
720 H
6300 V
970(};)S
720 H
6576 V
720(The)S
10 B
906(attrstat)S
10 R
1252(structure)S
1632(de\256nes)S
1946(a)S
2021(common)S
2402(procedure)S
2831(result)S
3084(containing)S
3537(the)S
3690(status)S
3950(of)S
4065(the)S
4219(procedure)S
4649(call.)S
4880(It)S
4973(is)S
720 H
6696 V
720(returned)S
1085(with)S
1296(the)S
1451(results)S
1745(of)S
1861(GETATTR,)S
2373(SETATTR,)S
2869(and)S
3045(WRITE)S
3393(procedure)S
3823(calls.)S
4093(If)S
4191(the)S
4345(call)S
4521(was)S
4708(success-)S
720 H
6816 V
720(ful,)S
10 B
894(attrstat)S
10 R
1248(contains)S
1620(the)S
1781(results)S
2081(for)S
2236(the)S
2397(speci\256c)S
2741(procedure)S
3178(called,)S
3480(and)S
3663(the)S
3824(complete)S
4229(set)S
4379(of)S
4501(\256le)S
4668(attributes)S
720 H
6936 V
720(for)S
866(the)S
1018(\256le)S
1176(on)S
1306(which)S
1580(the)S
1732(procedure)S
2160(was)S
2345(executed.)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4700([Page 7])S
7920 V
EP
%%Page: 8 8
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
970(union)S
1228(attrstat)S
1530(switch)S
1821(\(stat)S
2023(status\))S
2314({)S
720 H
960 V
1210(case)S
1411(NFS_OK:)S
720 H
1080 V
1330(fattr)S
1526(attributes;)S
720 H
1200 V
1210(default:)S
720 H
1320 V
1330(void;)S
720 H
1440 V
970(};)S
720 H
1716 V
720(The)S
10 B
914(diropargs)S
10 R
1370(structure)S
1758(is)S
1864(used)S
2086(in)S
2203(directory)S
2602(operations.)S
3082(The)S
3276(fhandle)S
10 B
3614(dir)S
10 R
3781(is)S
3888(the)S
4050(directory)S
4450(containing)S
4912(\256le)S
720 H
1836 V
720(name)S
10 B
966(name)S
10 R
1199(.)S
720 H
2112 V
970(struct)S
1222(diropargs)S
1629({)S
720 H
2232 V
1220(fhandle)S
1549(dir;)S
720 H
2352 V
1220(\256lename)S
1594(name;)S
720 H
2472 V
970(};)S
720 H
2748 V
720(The)S
10 B
927(diropres)S
10 R
1340(structure)S
1741(de\256nes)S
2076(the)S
2250(results)S
2563(of)S
2698(a)S
2794(directory)S
3206(procedure)S
3656(call.)S
3907(If)S
4025(the)S
4200(call)S
4397(was)S
4605(successful,)S
720 H
2868 V
10 B
720(diropres)S
10 R
1117(contains)S
1486(a)S
1566(new)S
1767(\256le)S
1930(handle)S
10 B
2231(\256le)S
10 R
2359(,)S
2419(the)S
2576(complete)S
2977(set)S
3123(of)S
3241(associated)S
3686(\256le)S
10 B
3849(attributes)S
10 R
4265(,)S
4325(and)S
4504(the)S
4661(\256le)S
4824(name)S
5139(|)S
720 H
2988 V
720(attributes:)S
10 B
1150(sens)S
10 R
1328(,)S
10 B
1383(info)S
10 R
1550(,)S
1605(and)S
10 B
1779(vend)S
10 R
1985(.)S
720 H
3264 V
970(union)S
1228(diropres)S
1585(switch)S
1876(\(stat)S
2078(status\))S
2369({)S
720 H
3384 V
1210(case)S
1411(NFS_OK:)S
720 H
3504 V
1330(struct)S
1582({)S
720 H
3624 V
1450(fhandle)S
1779(\256le;)S
720 H
3744 V
1450(fattr)S
1646(attributes;)S
720 H
3864 V
1450(t_token)S
1780(sens;)S
720 H
3984 V
1450(t_token)S
1780(info;)S
720 H
4104 V
1450(t_token)S
1780(vend;)S
5139(|)S
720 H
4224 V
1330(})S
1408(diropok;)S
720 H
4344 V
1210(default:)S
720 H
4464 V
1330(void;)S
720 H
4584 V
970(};)S
720 H
4860 V
720(The)S
10 B
908(readlinkres)S
10 R
1430(structure)S
1812(de\256nes)S
2128(the)S
2283(results)S
2578(of)S
2695(a)S
2773(READLINK)S
3317(procedure)S
3749(call.)S
3982(If)S
4082(the)S
4238(call)S
4416(was)S
4605(successful,)S
720 H
4980 V
10 B
720(readlinkres)S
10 R
1244(contains)S
1612(the)S
10 B
1769(data)S
10 R
1993(in)S
2106(the)S
2263(symbolic)S
2665(link)S
2856(of)S
2974(the)S
3131(\256le)S
3294(identi\256ed)S
3707(by)S
3842(the)S
3998(\256le)S
4160(handle)S
4460(argument,)S
4896(and)S
720 H
5100 V
720(the)S
873(complete)S
1270(set)S
1412(of)S
1526(associated)S
1967(\256le)S
10 B
2126(attributes)S
10 R
2542(.)S
2628(File)S
2815(attributes)S
3219(are)S
3372(returned)S
3736(with)S
3946(the)S
4100(READLINK)S
4642(procedure)S
720 H
5220 V
720(call)S
894(to)S
1002(support)S
1332(the)S
1484(information)S
1986(label)S
2210(adjustment)S
2679(policy.)S
720 H
5496 V
970(union)S
1228(readlinkres)S
1701(switch)S
1992(\(stat)S
2194(status\))S
2485({)S
720 H
5616 V
1210(case)S
1411(NFS_OK:)S
720 H
5736 V
1330(struct)S
1582({)S
720 H
5856 V
1450(path)S
1652(data;)S
720 H
5976 V
1450(fattr)S
1646(attributes;)S
720 H
6096 V
1330(})S
1408(readlinkok;)S
720 H
6216 V
1210(default:)S
720 H
6336 V
1330(void;)S
720 H
6456 V
970(};)S
720 H
6732 V
720(The)S
10 B
915(readdirres)S
10 R
1404(structure)S
1793(de\256nes)S
2116(the)S
2279(results)S
2581(of)S
2705(a)S
2790(READDIR)S
3275(procedure)S
3714(call.)S
3954(If)S
4061(the)S
4224(call)S
4409(was)S
4605(successful,)S
720 H
6852 V
10 B
720(readdirres)S
10 R
1203(returns)S
1514(a)S
1592(variable)S
1947(number)S
2286(of)S
2403(directory)S
10 B
2797(entries)S
10 R
3085(,)S
3144(with)S
3356(a)S
3434(total)S
3646(size)S
3835(of)S
3952(up)S
4086(to)S
4197(the)S
4352(amount)S
4685(speci\256ed)S
720 H
6972 V
720(in)S
830(the)S
984(argument)S
10 B
1393(count)S
10 R
1664(of)S
1779(the)S
10 B
1933(readdirargs)S
10 R
2470(structure.)S
2876(Each)S
3107(entry)S
3344(contains)S
3709(a)S
3785(unique)S
4089(\256le)S
4250(identi\256er,)S
4669(the)S
4824(name)S
5139(|)S
720 H
7092 V
720(of)S
844(the)S
1007(\256le,)S
1201(and)S
1386(an)S
1521(opaque)S
1850("pointer")S
2256(to)S
2374(the)S
2536("next")S
2830(entry)S
3075(in)S
3193(the)S
3355(directory,)S
3780(which)S
4064(is)S
4171(used)S
4394(in)S
4512(a)S
4596(subsequent)S
5139(|)S
720 H
7212 V
720(READDIR)S
1194(procedure)S
1622(call)S
1796(to)S
1904(obtain)S
2184(additional)S
2614(entries)S
2910(starting)S
3240(at)S
3342(that)S
3522("point")S
3840(in)S
3948(the)S
4100(directory.)S
4546(The)S
10 B
4732(eof)S
10 R
4890(\257ag)S
5139(|)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4700([Page 8])S
7920 V
EP
%%Page: 9 9
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(has)S
891(a)S
973(value)S
1227(of)S
1348(TRUE)S
1647(if)S
1746(there)S
1983(are)S
2142(no)S
2280(more)S
2523(directory)S
2920(entries.)S
3278(For)S
3454(TNFS,)S
3761(\256le)S
3926(attributes)S
4335(are)S
4493(returned)S
4862(with)S
5139(|)S
720 H
960 V
720(the)S
872(READDIR)S
1346(procedure)S
1774(call)S
1948(to)S
2056(support)S
2386(the)S
2538(information)S
3040(label)S
3264(adjustment)S
3733(policy.)S
720 H
1200 V
720(Note)S
946(that)S
1128(in)S
1238(responding)S
1714(to)S
1824(a)S
1900(READDIR)S
2376(procedure)S
2806(call,)S
3007(the)S
3161(server)S
3436(shall)S
3657(return)S
3927(only)S
4137(those)S
4381(directory)S
4774(entries)S
5139(|)S
720 H
1320 V
720(which)S
1014(the)S
1186(requesting)S
1652(client)S
1924(process)S
2273(dominates.)S
2759(Thus,)S
3034(security)S
3399(attribute)S
3781(tokens)S
4091(are)S
4261(not)S
4438(required)S
4819(to)S
4946(be)S
5139(|)S
720 H
1440 V
720(returned)S
1083(with)S
1292(each)S
1505(entry,)S
1767(and)S
1943(the)S
2097(directory)S
2489(information)S
2993(which)S
3269(is)S
3368(returned)S
3732(may)S
3936(be)S
4062(passed)S
4360(to)S
4470(the)S
4624(requesting)S
5139(|)S
720 H
1560 V
720(process)S
1049(without)S
1385(additional)S
1815(processing)S
2272(by)S
2402(the)S
2554(client)S
2806(TCB.)S
5139(|)S
720 H
1836 V
970(union)S
1228(readdirres)S
1656(switch)S
1947(\(stat)S
2149(status\))S
2440({)S
720 H
1956 V
1210(case)S
1411(NFS_OK:)S
720 H
2076 V
1330(struct)S
1582({)S
720 H
2196 V
1450(entry)S
1685(*entries;)S
720 H
2316 V
1450(bool)S
1658(eof;)S
720 H
2436 V
1450(fattr)S
1646(attributes;)S
720 H
2556 V
1330(})S
1408(readdirok;)S
720 H
2676 V
1210(default:)S
720 H
2796 V
1330(void;)S
720 H
2916 V
970(};)S
720 H
3156 V
970(TBD:)S
1228(ADD)S
1474(SOME)S
1782(RATIONALE)S
2383(HERE)S
2674(FOR)S
2899(WHY)S
3167(DON"T)S
3515(NEED)S
3811(TOKENS)S
4235(ON)S
4409(ENTRIES.)S
5139(|)S
720 H
3396 V
10 B
720(3.4.5.2.)S
1080(TNFS)S
1366(Protocol)S
1756(Procedure)S
2229(De\256nitions)S
720 H
3552 V
10 R
720(The)S
905(TNFS)S
1180(Protocol)S
1549(De\256nition)S
1985(integrates)S
2403(the)S
2555(use)S
2718(of:)S
720 H
3708 V
970(o)S
1220(the)S
1372(extended)S
10 B
1762(fattr)S
10 R
1985(and)S
10 B
2159(sattr)S
10 R
2388(structures,)S
720 H
3864 V
970(o)S
1220(an)S
1344(AUTH_MLS)S
1907(authentication)S
2503(style)S
2722(RPC)S
2942(credential,)S
720 H
4020 V
970(o)S
1220(a)S
1314(new)S
1530(TNFS)S
1825(protocol)S
2208(version)S
2552(number)S
2907(to)S
3035(di)S
3113 H
	(f)show 10 -.5 mul h (f)show
10 R
3174(erentiate)S
3567(between)S
3949(NFS)S
4183(V2)S
4356(and)S
4551(the)S
4724(security)S
720 H
4140 V
1220(extended)S
1610(TNFS)S
1885(protocol,)S
720 H
4296 V
970(o)S
1220(a)S
1294(new)S
1490(protocol)S
1853(procedure,)S
2306(ACCESS,)S
2740(to)S
2848(support)S
3178(the)S
3330(\256le)S
3488(open)S
3712(enhancement,)S
720 H
4452 V
970(o)S
1220(a)S
1299(new)S
1500(protocol)S
1868(procedure,)S
2326(SETLABEL,)S
2886(to)S
2999(support)S
3334(the)S
3491(modi\256cation)S
4032(of)S
4150(the)S
4308(\256le)S
4472(name)S
4724(security)S
720 H
4572 V
1220(attributes,)S
1647(and)S
720 H
4728 V
970(o)S
1220(a)S
1294(new)S
1490(protocol)S
1853(procedure,)S
2306(MLD,)S
2583(to)S
2691(support)S
3021(diversion)S
3423(directories)S
5139(|)S
720 H
4884 V
720(Other)S
979(than)S
1183(these)S
1420(changes,)S
1798(however,)S
2198(the)S
2352(syntax)S
2646(and)S
2823(semantics)S
3250(of)S
3366(TNFS)S
3644(remain)S
3954(the)S
4109(same)S
4347(as)S
4463(in)S
4574(the)S
4729(original)S
720 H
5004 V
720(NFS)S
934(V2)S
1086(speci\256cation.)S
720 H
5244 V
10 B
720(3.4.5.2.1.)S
1155(Access)S
1467(Procedure)S
720 H
5400 V
10 R
720(The)S
905(following)S
1324(descriptions)S
1837(are)S
1988(used)S
2201(to)S
2309(de\256ne)S
2583(the)S
2735(new)S
2931(ACCESS)S
3340(procedure.)S
720 H
5676 V
720(De\256nitions)S
1195(used)S
1408(to)S
1516(identify)S
1857(the)S
2009(access)S
2293(request)S
2611(type:)S
720 H
5832 V
970(#de\256ne)S
1294(READ)S
1686(0x001)S
720 H
5952 V
970(#de\256ne)S
1294(WRITE)S
1700(0x002)S
720 H
6072 V
970(#de\256ne)S
1294(EXEC)S
1675(0x004)S
720 H
6192 V
970(#de\256ne)S
1294(SEARCH)S
1749(0x008)S
720 H
6312 V
970(#de\256ne)S
1294(APPEND)S
1743(0x010)S
720 H
6588 V
720(Arguments)S
1194(for)S
1340(the)S
1492(remote)S
1799(access)S
2083(procedure:)S
720 H
6744 V
10 B
970(accessargs)S
720 H
6900 V
10 R
970(struct)S
1222(accessargs)S
1672({)S
720 H
7020 V
1210(fhandle)S
1569(\256le;)S
720 H
7140 V
1210(u_long)S
1578(\257ag;)S
720 H
7260 V
1000(};)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4700([Page 9])S
7920 V
EP
%%Page: 10 10
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(Response)S
1133(from)S
1357(the)S
1509(remote)S
1816(access)S
2100(procedure:)S
720 H
996 V
10 B
970(accessres)S
720 H
1152 V
10 R
970(union)S
1228(accessres)S
1628(switch)S
1919(\()S
1982(stat)S
2151(status)S
2409(\))S
2472({)S
720 H
1272 V
1090(case)S
1291(NFS_OK:)S
720 H
1392 V
1210(struct)S
1462({)S
720 H
1512 V
1330(bool_t)S
1616(status;)S
1962(/*)S
2070(access)S
2354(status:)S
2640(TRUE)S
2931(or)S
3044(FALSE)S
3410(*/)S
720 H
1632 V
1330(fattr)S
1556(attributes;)S
2016(/*)S
2124(standard)S
2492(\256le)S
2650(attributes)S
3052(*/)S
720 H
1752 V
1210(})S
1318(accessok;)S
720 H
1908 V
1090(default:)S
720 H
2028 V
1220(void;)S
720 H
2268 V
970(};)S
720 H
2544 V
720(Procedure)S
1154(de\256nition)S
1568(for)S
1714(checking)S
2104(remote)S
2411(access)S
2695(permission:)S
720 H
2700 V
10 B
970(accessres)S
720 H
2820 V
970(NFSPROC_ACCESS\(accessargs\))S
2426(=)S
2513(18)S
720 H
2976 V
10 R
970(Description:)S
720 H
3132 V
970(Determine)S
1427(if)S
1524(access)S
1815(as)S
1935(described)S
2354(by)S
10 B
2491(\257ag)S
10 R
2684(will)S
2877(be)S
3008(permitted)S
3428(on)S
3565(the)S
3724(remote)S
4038(served)S
4335(object)S
10 B
4616(\256le)S
10 R
4781(by)S
4918(the)S
720 H
3252 V
970(requester.)S
1426(Flag)S
1640(values)S
1931(are)S
2088(bit)S
2230(encoded)S
2598(as)S
2717(de\256ned)S
3047(previously.)S
3530(READ)S
3838(access)S
4128(means)S
4419(that)S
4604(the)S
4761(data)S
4962(in)S
720 H
3372 V
10 B
970(\256le)S
10 R
1131(can)S
1302(be)S
1429(read,)S
1658(WRITE)S
2007(access)S
2294(means)S
2582(that)S
2765(the)S
2920(data)S
3119(in)S
10 B
3231(\256le)S
10 R
3393(can)S
3565(be)S
3693(modi\256ed)S
4083(\(written\),)S
4491(EXEC)S
4786(access)S
720 H
3492 V
970(means)S
1266(that)S
10 B
1457(\256le)S
10 R
1626(can)S
1805(be)S
1940(accessed)S
2328(and)S
2512(executed)S
2906(\(local)S
3173(execution)S
3601(of)S
3724(a)S
3808(remote)S
4125(\256le\),)S
4351(SEARCH)S
4786(access)S
720 H
3612 V
970(means)S
1262(that)S
1449(the)S
1608(directory)S
10 B
2005(\256le)S
10 R
2170(can)S
2345(be)S
2476(used)S
2696(as)S
2816(the)S
2975(argument)S
3389(to)S
3504(a)S
3586(LOOKUP)S
4029(operation,)S
4469(and)S
4651(APPEND)S
720 H
3732 V
970(means)S
1255(that)S
1435(the)S
1587(\256le)S
1745(size)S
1930(can)S
2098(be)S
2222(extended.)S
2667(If)S
10 B
2763(status)S
10 R
3043(is)S
3140(NFS_OK:)S
720 H
3888 V
10 B
1220(accessok.status)S
10 R
1908(will)S
2112(be)S
2254(set)S
2413(to)S
10 B
2539(TRUE)S
10 R
2865(if)S
2974(the)S
3144(access)S
3446(request)S
3782(would)S
4080(be)S
4222(allowed,)S
4611(and)S
4803(set)S
4962(to)S
720 H
4008 V
10 B
1220(FALSE)S
10 R
1573(otherwise,)S
2016(and)S
720 H
4164 V
10 B
1220(attributes)S
10 R
1666(will)S
1852(contain)S
2176(the)S
2328(complete)S
2724(set)S
2865(of)S
2978(\256le)S
3136(attributes)S
720 H
4320 V
970(Otherwise:)S
720 H
4476 V
1220(the)S
1372(NFSERR)S
1781(error)S
2004(number)S
2339(returned)S
2701(identi\256es)S
3098(the)S
3250(error)S
3473(condition)S
720 H
4632 V
970(Implementation:)S
720 H
4788 V
970(The)S
1167(ACCESS)S
1588(procedure)S
2028(provides)S
2414(a)S
2501(means)S
2799(for)S
2958(checking)S
3361(\256le)S
3532(access)S
3829(permission)S
4311(prior)S
4548(to)S
4669(issuing)S
4996(a)S
720 H
4908 V
970(subsequent)S
1452(set)S
1601(of)S
1722(\256le)S
1888(operations.)S
2367(For)S
2544(example,)S
2945(a)S
3027(TNFS)S
3310(client)S
3570(may)S
3780(issue)S
4018(an)S
4150(access)S
4441(procedure)S
4876(as)S
4996(a)S
720 H
5028 V
970(result)S
1223(of)S
1337(an)S
1462(application's)S
2009(\256le)S
10 I
2168(open)S
2393(\(2\))S
10 R
2540(request)S
2859(to)S
2968(determine)S
3398(if)S
3490(subsequent)S
3965(\256le)S
10 I
4124(reads)S
10 R
4377(and/or)S
10 I
4663(writes)S
10 R
4940(by)S
720 H
5148 V
970(the)S
1128(application)S
1608(would)S
1894(be)S
2024(denied)S
2326(by)S
2462(the)S
2620(server)S
2899(as)S
3018(a)S
3098(result)S
3356(of)S
3475(the)S
3633(server's)S
3983(extended)S
4378(\256le)S
4541(access)S
4830(secu-)S
5139(|)S
720 H
5268 V
970(rity)S
1153(policies.)S
1563(Note)S
1801(that)S
1995(the)S
2161(processing)S
2632(of)S
2759(an)S
10 I
2897(open)S
3135(\(2\))S
10 R
3295(request)S
3628(for)S
3789(a)S
3878(remote)S
4200(\256le)S
4373(shall)S
4607(include)S
4946(an)S
5139(|)S
720 H
5388 V
10 I
970(ACCESS)S
10 R
1366(procedure)S
1804(call)S
1988(if)S
2089(the)S
2251(security)S
2607(attributes)S
3019(of)S
3142(the)S
3304(issuing)S
3628(client)S
3890(process)S
4229(have)S
4457(been)S
4684(modi\256ed)S
5139(|)S
720 H
5508 V
970(since)S
1210(the)S
1367(last)S
1541(time)S
1754(that)S
1939(process)S
2273(issued)S
2558(an)S
2687(open)S
2916(request)S
3240(for)S
3392(that)S
3578(\256le.)S
3797(Note)S
4027(also)S
4224(that)S
4410(the)S
4568(information)S
5139(|)S
720 H
5628 V
970(returned)S
1352(by)S
1502(the)S
1674(server)S
1967(in)S
2095(response)S
2494(to)S
2622(an)S
2766(ACCESS)S
3195(procedure)S
3643(call)S
3837(is)S
3954(not)S
4131(static;)S
4419(subsequent)S
4912(\256le)S
720 H
5748 V
970(administrative)S
1572(procedures)S
2039(may)S
2241(result)S
2493(in)S
2601(the)S
2753(modi\256cation)S
3289(of)S
3402(the)S
3554(\256le's)S
3784(security)S
4130(attributes.)S
720 H
5988 V
10 B
720(3.4.5.2.2.)S
1155(Set)S
1318(Label)S
1593(Procedure)S
720 H
6144 V
10 R
720(The)S
905(following)S
1324(descriptions)S
1837(are)S
1988(used)S
2201(to)S
2309(de\256ne)S
2583(the)S
2735(new)S
2931(SETLABEL)S
3461(procedure.)S
720 H
6420 V
720(Arguments)S
1194(for)S
1340(the)S
1492(set)S
1633(label)S
1857(procedure:)S
720 H
6576 V
10 B
970(setlabargs)S
720 H
6732 V
10 R
970(struct)S
1222(setlabargs)S
1651({)S
720 H
6852 V
1210(struct)S
1462(diropargs)S
1869(dirargs;)S
720 H
6972 V
1210(t_token)S
1570(sens;)S
720 H
7092 V
1210(t_token)S
1570(info;)S
720 H
7212 V
1210(t_token)S
1570(vend;)S
5139(|)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 10])S
7920 V
EP
%%Page: 11 11
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
1000(};)S
720 H
1116 V
720(Response)S
1133(from)S
1357(the)S
1509(set)S
1650(label)S
1874(procedure:)S
5139(|)S
720 H
1272 V
10 B
970(diropres)S
10 R
5139(|)S
720 H
1428 V
970(union)S
1228(diropres)S
1585(switch)S
1876(\()S
1939(stat)S
2108(status)S
2366(\))S
2429({)S
5139(|)S
720 H
1548 V
1090(case)S
1291(NFS_OK:)S
5139(|)S
720 H
1668 V
1210(struct)S
1462({)S
5139(|)S
720 H
1788 V
1300(fhandle)S
1629(\256le;)S
5139(|)S
720 H
1908 V
1300(fattr)S
1496(attributes;)S
5139(|)S
720 H
2028 V
1300(t_token)S
1630(sens;)S
5139(|)S
720 H
2148 V
1300(t_token)S
1630(info;)S
5139(|)S
720 H
2268 V
1300(t_token)S
1630(vend;)S
5139(|)S
720 H
2388 V
1090(})S
1168(diropok;)S
5139(|)S
720 H
2544 V
1090(default:)S
5139(|)S
720 H
2664 V
1220(void;)S
720 H
2904 V
970(};)S
5139(|)S
720 H
3180 V
720(Procedure)S
1154(de\256nition)S
1568(for)S
1714(setting)S
2011(\256le)S
2169(name)S
2415(security)S
2761(attributes:)S
720 H
3336 V
10 B
970(diropres)S
720 H
3456 V
970(NFSPROC_SETLABEL\(setlabargs\))S
2551(=)S
2638(19)S
720 H
3612 V
10 R
970(Description:)S
720 H
3768 V
970(Set)S
1136(the)S
1296(\256le)S
1463(name)S
1718(security)S
2073(attributes:)S
2512(the)S
2673(sensitivity)S
3124(label)S
10 B
3357(sens)S
10 R
3535(,)S
3599(the)S
3760(information)S
4271(label)S
10 B
4504(info)S
10 R
4671(,)S
4735(and)S
4918(the)S
5139(|)S
720 H
3888 V
970(vendor)S
1287(speci\256c)S
1631(policy)S
1920(label)S
10 B
2153(vend)S
10 R
2398(on)S
2537(the)S
2698(\256le)S
2865(name)S
10 B
3120(name)S
10 R
3392(in)S
3509(the)S
3670(parent)S
3958(directory)S
10 B
4357(dir)S
10 R
4485(.)S
4579(If)S
10 B
4684(status)S
10 R
4973(is)S
720 H
4008 V
970(NFS_OK:)S
720 H
4164 V
1220(then)S
1427(the)S
1584(reply)S
10 B
1824(\256le)S
10 R
1987(and)S
2166(reply)S
10 B
2406(attributes)S
10 R
2857(are)S
3013(the)S
3170(\256le)S
3333(handle)S
3634(and)S
3813(attributes)S
4220(for)S
4371(the)S
4529(\256le)S
10 B
4693(name)S
10 R
4962(in)S
720 H
4284 V
1220(the)S
1374(directory)S
1766(given)S
2020(by)S
10 B
2152(dir)S
10 R
2312(in)S
2422(the)S
2576(argument,)S
3010(and)S
3186(the)S
3340(reply)S
10 B
3577(sens)S
10 R
3755(,)S
3812(reply)S
10 B
4048(info)S
10 R
4215(,)S
4271(and)S
4446(reply)S
10 B
4682(vend)S
10 R
4919(are)S
5139(|)S
720 H
4404 V
1220(the)S
1372(sensitivity,)S
1839(information,)S
2366(and)S
2540(vendor)S
2847(speci\256c)S
3182(policy)S
3462(labels)S
3725(for)S
3871(the)S
4023(\256le)S
4181(name)S
10 B
4427(name)S
10 R
4660(.)S
720 H
4560 V
970(Otherwise:)S
720 H
4716 V
1220(the)S
1372(NFSERR)S
1781(error)S
2004(number)S
2339(returned)S
2701(identi\256es)S
3098(the)S
3250(error)S
3473(condition)S
720 H
4872 V
970(Implementation:)S
720 H
5028 V
970(The)S
1166(SETLABEL)S
1707(procedure)S
2146(provides)S
2531(a)S
2616(means)S
2912(for)S
3069(modifying)S
3527(the)S
3690(\256le)S
3860(name)S
4118(security)S
4476(attributes:)S
4918(the)S
5139(|)S
720 H
5148 V
970(sensitivity,)S
1458(information,)S
2006(and)S
2201(vendor)S
2529(speci\256c)S
2884(policy)S
3184(labels)S
3467(associated)S
3927(with)S
4155(the)S
4327(\256le)S
4505(name)S
4771(object.)S
720 H
5268 V
970(When)S
1255(a)S
1346(\256le)S
1521(is)S
1635(created,)S
1994(the)S
2163(\256le)S
2338(name)S
2601(sensitivity)S
3060(label)S
3301(will)S
3504(be)S
3645(set)S
3804(equal)S
4068(to)S
4194(the)S
4364(sensitivity)S
4824(value)S
5139(|)S
720 H
5388 V
970(identi\256ed)S
1382(in)S
1494(the)S
1650(credential)S
2077(structure,)S
2485(and)S
2663(the)S
2819(\256le)S
2981(name)S
3231(information)S
3737(label)S
3965(will)S
4154(be)S
4281(set)S
4425(to)S
4536(the)S
4691(informa-)S
5139(|)S
720 H
5508 V
970(tion)S
1167(value)S
1424(identi\256ed)S
1843(in)S
1962(the)S
2125(credential)S
2559(structure.)S
3005(Once)S
3257(the)S
3421(\256le)S
3591(is)S
3700(created,)S
4054(however,)S
4464(the)S
4628(sensitivity)S
720 H
5628 V
970(and)S
1157(information)S
1672(labels)S
1948(of)S
2074(the)S
2239(\256le)S
2410(name)S
2669(and)S
2856(the)S
3021(\256le)S
3192(data)S
3401(are)S
3565(maintained)S
4052(independently.)S
4715(The)S
4912(\256le)S
720 H
5748 V
970(data)S
1170(security)S
1520(attribute)S
1887(information)S
2393(is)S
2494(maintained)S
2972(by)S
3107(SETATTR,)S
3606(and)S
3785(the)S
3942(\256le)S
4105(name)S
4356(security)S
4707(attribute)S
720 H
5868 V
970(information)S
1472(is)S
1569(maintained)S
2043(by)S
2173(SETLABEL.)S
720 H
6108 V
10 B
720(3.4.5.2.3.)S
1155(MultiLevel)S
1657(Diversion)S
2098(Directory)S
2537(Procedure)S
5139(|)S
720 H
6264 V
10 R
720(The)S
905(following)S
1324(descriptions)S
1837(are)S
1988(used)S
2201(to)S
2309(de\256ne)S
2583(the)S
2735(new)S
2931(procedure)S
3359(to)S
3467(support)S
3797(diversion)S
4199(directories.)S
5139(|)S
720 H
6540 V
720(De\256nitions)S
1195(used)S
1408(to)S
1516(identify)S
1857(the)S
2009(MLD)S
2261(request)S
2579(operations:)S
5139(|)S
720 H
6696 V
970(#de\256ne)S
1294(CREATE)S
1803(1)S
5139(|)S
720 H
6816 V
970(#de\256ne)S
1294(REMOVE)S
1836(2)S
5139(|)S
720 H
6936 V
970(#de\256ne)S
1294(ISMLD)S
1755(3)S
5139(|)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 11])S
7920 V
EP
%%Page: 12 12
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(Arguments)S
1194(for)S
1340(the)S
1492(MLD)S
1744(procedure:)S
720 H
996 V
10 B
970(mldargs)S
720 H
1152 V
10 R
970(struct)S
1222(mldargs)S
1574({)S
720 H
1272 V
1210(fhandle)S
1569(\256le;)S
720 H
1392 V
1210(u_long)S
1578(op;)S
5139(|)S
720 H
1512 V
1000(};)S
720 H
1788 V
720(Response)S
1133(from)S
1357(the)S
1509(remote)S
1816(access)S
2100(procedure:)S
720 H
1944 V
10 B
970(mldres)S
720 H
2100 V
10 R
970(union)S
1228(mldres)S
1530(switch)S
1821(\()S
1884(stat)S
2053(status)S
2311(\))S
2374({)S
720 H
2220 V
1090(case)S
1291(NFS_OK:)S
720 H
2340 V
1210(struct)S
1462({)S
720 H
2460 V
1330(bool_t)S
1616(status;)S
1962(/*)S
2070(ISMLD)S
2411(status:)S
2697(TRUE)S
2988(or)S
3101(FALSE)S
3467(*/)S
720 H
2580 V
1330(fattr)S
1556(attributes;)S
2016(/*)S
2124(standard)S
2492(\256le)S
2650(attributes)S
3052(*/)S
720 H
2700 V
1210(})S
1318(mldok;)S
720 H
2856 V
1090(default:)S
720 H
2976 V
1220(void;)S
720 H
3216 V
970(};)S
720 H
3492 V
720(Procedure)S
1154(de\256nition)S
1568(for)S
1714(maintaining)S
2222(diversion)S
2624(directories:)S
5139(|)S
720 H
3648 V
10 B
970(mldres)S
720 H
3768 V
970(NFSPROC_MLD\(mldargs\))S
2171(=)S
2258(20)S
720 H
3924 V
10 R
970(Description:)S
720 H
4080 V
970(Support)S
1327(the)S
1489(creation)S
1850(and)S
2035(removal)S
2403(of)S
2527(diversion)S
2940(directories,)S
3427(and)S
3612(the)S
3775(ability)S
4072(to)S
4191(determine)S
4631(if)S
4733(a)S
4818(given)S
5139(|)S
720 H
4200 V
970(directory)S
1372(is)S
1481(a)S
1567(diversion)S
1981(directory.)S
2438(The)S
2635(CREATE)S
3066(operation)S
3485(requests)S
3854(that)S
4046(a)S
4132(diversion)S
4545(directory)S
4946(be)S
5139(|)S
720 H
4320 V
970(created,)S
1320(the)S
1480(REMOVE)S
1940(operation)S
2355(requests)S
2720(that)S
2908(a)S
2990(diversion)S
3401(directory)S
3800(be)S
3933(destroyed,)S
4385(and)S
4568(the)S
4729(ISMLD)S
5139(|)S
720 H
4440 V
970(operation)S
1377(requests)S
1734(that)S
1914(the)S
2066(diversion)S
2468(status)S
2726(of)S
2839(the)S
2991(\256le)S
3149(be)S
3273(returned.)S
3690(If)S
10 B
3786(status)S
10 R
4066(is)S
4163(NFS_OK:)S
720 H
4596 V
1220(if)S
1314(the)S
10 B
1469(mldargs.op)S
10 R
1983(was)S
2171(ISMLD,)S
2540(then)S
10 B
2745(mldok.status)S
10 R
3326(will)S
3515(be)S
3642(set)S
3786(to)S
10 B
3898(TRUE)S
10 R
4210(if)S
4305(the)S
4461(\256le)S
4623(is)S
4724(a)S
4802(diver-)S
5139(|)S
720 H
4716 V
1220(sion)S
1417(directory,)S
1832(and)S
2006(set)S
2147(to)S
10 B
2255(FALSE)S
10 R
2608(otherwise)S
720 H
4872 V
1220(if)S
1311(the)S
10 B
1463(mldargs.op)S
10 R
1974(was)S
2159(not)S
2317(ISMLD,)S
2683(then)S
2885(mldok.status)S
3424(has)S
3587(no)S
3717(meaning)S
5139(|)S
720 H
5028 V
10 B
1220(attributes)S
10 R
1666(will)S
1852(contain)S
2176(the)S
2328(complete)S
2724(set)S
2865(of)S
2978(\256le)S
3136(attributes)S
720 H
5184 V
970(Otherwise:)S
720 H
5340 V
1220(the)S
1372(NFSERR)S
1781(error)S
2004(number)S
2339(returned)S
2701(identi\256es)S
3098(the)S
3250(error)S
3473(condition)S
720 H
5496 V
970(Implementation:)S
720 H
5652 V
970(The)S
1155(MLD)S
1408(procedure)S
1837(provides)S
2212(the)S
2365(means)S
2651(for)S
2798(creating,)S
3175(removing,)S
3614(and)S
3789(checking)S
4180(for)S
4327(the)S
4480(existence)S
4882(of)S
4996(a)S
5139(|)S
720 H
5772 V
970(diversion)S
1372(directory.)S
5139(|)S
720 H
5928 V
970(MultiLevel)S
1452(Directory)S
1866(implementations)S
2565(which)S
2841(make)S
3089(use)S
3254(of)S
3369(\256le)S
3529(name)S
3777(attributes)S
4181(shall)S
4403(return)S
10 B
4674(status)S
10 R
4957(of)S
5139(|)S
720 H
6048 V
970(NFS_OK)S
1385(in)S
1500(response)S
1886(to)S
2001(CREATE,)S
2451(REMOVE,)S
2934(and)S
3114(ISMLD)S
3461(requests,)S
3849(since)S
4090(all)S
4226(directories)S
4683(are)S
4840(Mul-)S
5139(|)S
720 H
6168 V
970(tiLevel)S
1283(Directories)S
1756(in)S
1864(such)S
2077(an)S
2201(environment)S
2736(and)S
2910(thus)S
3107(no)S
3237(explicit)S
3567(action)S
3841(is)S
3938(required.)S
720 H
6408 V
10 B
720(3.4.5.2.4.)S
1155(TNFS)S
1441(Service)S
1781(Routines)S
720 H
6564 V
10 R
720(The)S
927(TNFS)S
1224(protocol)S
1609(de\256nition)S
2045(is)S
2164(de\256ned)S
2510(below)S
2806(as)S
2941(a)S
3037(set)S
3201(of)S
3337(procedures,)S
3852(arguments,)S
4346(and)S
4543(results.)S
4912(All)S
720 H
6684 V
720(modi\256ed)S
1135(data)S
1360(structure)S
1768(de\256nitions)S
2250(are)S
2430(included)S
2833(in)S
2970(this)S
3174(speci\256cation.)S
3793(Most)S
4058(NFS)S
4301(V2)S
4482(protocol)S
4874(data)S
720 H
6804 V
720(de\256nitions)S
1180(remain)S
1494(unchanged,)S
1988(and)S
2169(are)S
2328(documented)S
2854(in)S
2970(the)S
3130(NFS)S
3352(V2)S
3512(protocol)S
3883(speci\256cation.)S
4481(The)S
4674(complete)S
720 H
6924 V
720(set)S
871(of)S
994(TNFS)S
1279(protocol)S
1651(procedures)S
2127(are)S
2287(de\256ned)S
2620(below.)S
2958(The)S
3152(ACCESS,)S
3595(SETLABEL,)S
4159(and)S
4342(MLD)S
4603(procedures)S
720 H
7044 V
720(are)S
891(new,)S
1132(but)S
1310(the)S
1482(other)S
1737(procedures)S
2224(are)S
2395(the)S
2567(same)S
2823(as)S
2957(those)S
3219(de\256ned)S
3564(in)S
3693(the)S
3866(NFS)S
4101(V2)S
4274(speci\256cation.)S
4885(The)S
720 H
7164 V
720(GETATTR,)S
1267(SETATTR,)S
1798(LOOKUP,)S
2295(READLINK,)S
2897(READ,)S
3260(WRITE,)S
3667(CREATE,)S
4147(MKDIR,)S
4571(READDIR,)S
720 H
7284 V
720(ACCESS,)S
1160(SETLABEL,)S
1721(and)S
1901(MLD)S
2159(procedures)S
2632(for)S
2784(the)S
2943(TNFS)S
3225(protocol,)S
3620(however,)S
4025(include)S
4356(the)S
4515(extended)S
4912(\256le)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 12])S
7920 V
EP
%%Page: 13 13
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(attribute)S
1083(structure)S
10 I
1462(fattr)S
10 R
1665(in)S
1773(the)S
1925(response)S
2304(message.)S
720 H
996 V
970(program)S
1338(TNFS_PROGRAM)S
2158({)S
720 H
1116 V
1090(version)S
1414(TNFS_VERSION)S
2172({)S
720 H
1236 V
1210(void)S
1628(NFSPROC_NULL)S
2420(\(void\))S
2694(=)S
2780(0;)S
720 H
1356 V
1210(attrstat)S
1602(NFSPROC_GETATTR)S
2583(\(fhandle\))S
2978(=)S
3064(1;)S
720 H
1476 V
1210(attrstat)S
1602(NFSPROC_SETATTR)S
2567(\(sattrargs\))S
3001(=)S
3087(2;)S
720 H
1596 V
1210(diropres)S
1657(NFSPROC_LOOKUP)S
2588(\(diropargs\))S
3061(=)S
3147(4;)S
720 H
1716 V
1210(readlinkres)S
1683(NFSPROC_READLINK)S
2719(\(fhandle\))S
3114(=)S
3200(5;)S
720 H
1836 V
1210(readres)S
1647(NFSPROC_READ)S
2445(\(readargs\))S
2878(=)S
2964(6;)S
720 H
1956 V
1210(attrstat)S
1602(NFSPROC_WRITE)S
2444(\(writeargs\))S
2911(=)S
2997(8;)S
720 H
2076 V
1210(diropres)S
1657(NFSPROC_CREATE)S
2572(\(createargs\))S
3071(=)S
3157(9;)S
720 H
2196 V
1210(stat)S
1589(NFSPROC_REMOVE)S
2537(\(diropargs\))S
3010(=)S
3096(10;)S
720 H
2316 V
1210(stat)S
1589(NFSPROC_RENAME)S
2537(\(renameargs\))S
3092(=)S
3178(11;)S
720 H
2436 V
1210(stat)S
1589(NFSPROC_LINK)S
2353(\(linkargs\))S
2771(=)S
2857(12;)S
720 H
2556 V
1210(stat)S
1589(NFSPROC_SYMLINK)S
2570(\(symlinkargs\))S
3155(=)S
3241(13;)S
720 H
2676 V
1210(diropres)S
1657(NFSPROC_MKDIR)S
2516(\(createargs\))S
3015(=)S
3101(14;)S
720 H
2796 V
1210(stat)S
1589(NFSPROC_RMDIR)S
2443(\(diropargs\))S
2916(=)S
3002(15;)S
720 H
2916 V
1210(readdirres)S
1668(NFSPROC_READDIR)S
2638(\(readdirargs\))S
3182(=)S
3268(16;)S
720 H
3036 V
1210(statfsres)S
1627(NFSPROC_STATFS)S
2515(\(fhandle\))S
2910(=)S
2996(17;)S
720 H
3156 V
1210(accessres)S
1670(NFSPROC_ACCESS)S
2575(\(accessargs\))S
3091(=)S
3177(18;)S
720 H
3276 V
1210(diropres)S
1657(NFSPROC_SETLABEL)S
2683(\(setlabargs\))S
3178(=)S
3264(19;)S
5139(|)S
720 H
3396 V
1210(mldres)S
1662(NFSPROC_MLD)S
2410(\(mldargs\))S
2828(=)S
2914(20;)S
720 H
3516 V
1090(})S
1168(=)S
1254(1;)S
1482(/*)S
1590(Trusted)S
1925(NFS)S
2139(Version)S
2485(1)S
2595(*/)S
720 H
3636 V
970(})S
1048(=)S
1134(390086;)S
1582(/*)S
1690(Trusted)S
2025(NFS)S
2239(Program)S
2613(Number)S
2970(*/)S
720 H
3876 V
10 B
720(3.4.6.)S
1005(Using)S
1280(TNFS)S
720 H
4032 V
10 R
720(With)S
963(the)S
1128(TNFS)S
1416(protocol)S
1792(procedures)S
2272(described)S
2698(above,)S
3005(listing)S
3300(and)S
3488(modifying)S
3949(remote)S
4270(extended)S
4674(\256le)S
4846(attri-)S
720 H
4152 V
720(butes)S
969(is)S
1073(now)S
1282(supported.)S
1738(The)S
1930(de\256nition)S
2351(of)S
2471(a)S
2552(new)S
2755(application)S
3236(programming)S
3817(interface)S
4202(\(API\))S
4466(to)S
4581(support)S
4918(the)S
720 H
4272 V
720(display)S
1050(of)S
1174(a)S
1259(\256le's)S
1500(security)S
1857(attributes)S
2270(will)S
2467(permit)S
2769(either)S
3037(a)S
3122(new)S
3329(\256le)S
3498(list)S
3662(command)S
4097(\(e.g.)S
4315(lsacl,)S
4564(lsmac\))S
4871(or)S
4996(a)S
720 H
4392 V
720(modi\256cation)S
1258(to)S
1368(the)S
1522(existing)S
10 I
1871(ls)S
1970(\(2\))S
10 R
2118(command)S
2544(to)S
2654(display)S
2975(the)S
3129(security)S
3477(attribute)S
3842(information)S
4346(associated)S
4787(with)S
4996(a)S
720 H
4512 V
720(remote)S
1032(\256le.)S
1251(Likewise,)S
1678(the)S
1836(de\256nition)S
2256(of)S
2375(a)S
2455(new)S
2657(API)S
2854(for)S
3006(setting)S
3309(a)S
3389(\256le's)S
3625(security)S
3977(attributes)S
4385(will)S
4577(permit)S
4874(new)S
720 H
4632 V
720(change)S
1032(security)S
1378(attribute)S
1741(commands)S
2204(to)S
2312(be)S
2436(developed)S
2876(\(e.g.)S
3083(chacl,)S
3348(chmac\).)S
720 H
4788 V
720(The)S
906(\256le)S
1065(open)S
1290(enhancement)S
1848(discussed)S
2263(previously)S
2717(may)S
2921(now)S
3125(be)S
3251(supported.)S
3732(The)S
3919(open)S
4145(API)S
4338(will)S
4526(be)S
4652(translated)S
720 H
4908 V
720(into)S
910(a)S
987(GETATTR)S
1475(operation)S
1885(for)S
2034(the)S
2189(current)S
2504(directory,)S
2922(a)S
2999(LOOKUP)S
3437(operation)S
3847(for)S
3996(the)S
4151(\256le)S
4312(to)S
4423(be)S
4550(opened,)S
4896(and)S
720 H
5028 V
720(an)S
853(ACCESS)S
1271(operation)S
1687(which)S
1970(returns)S
2286(a)S
2369(boolean)S
2724(value)S
2979(indicating)S
3418(whether)S
3778(the)S
3940(access)S
4234(requested)S
4656(would)S
4946(be)S
720 H
5148 V
720(permitted,)S
1177(along)S
1448(with)S
1675(the)S
1846(complete)S
2261(set)S
2421(of)S
2553(the)S
2724(\256le's)S
2973(attributes.)S
3449(Thus,)S
3722(the)S
3892(TNFS)S
4185(client)S
4455(can)S
4641(determine)S
720 H
5268 V
720(whether)S
1083(the)S
1247(application)S
1733(requesting)S
2192(to)S
10 I
2313(open)S
10 R
2550(the)S
2715(remote)S
3035(\256le)S
3206(will)S
3405(be)S
3542(able)S
3751(to)S
3872(access)S
4169(it)S
4268(based)S
4538(on)S
4681(the)S
4846(open)S
720 H
5388 V
720(request)S
1041(type)S
1246(and)S
1423(the)S
1578(application's)S
2126(security)S
2474(credentials.)S
2993(As)S
3136(described)S
3550(earlier,)S
3861(a)S
3937(server)S
4212(may)S
4416(choose)S
4725(to)S
4835(asso-)S
720 H
5508 V
720(ciate)S
941(a)S
1018(set)S
1162(of)S
1278(privileges)S
1705(with)S
1916(the)S
2071(remote)S
2381(subject)S
2697(which)S
2974(are)S
3128(di)S
3206 H
	(f)show 10 -.5 mul h (f)show
10 R
3267(erent)S
3500(from)S
3728(the)S
3884(privilege)S
4273(set)S
4418(associated)S
4862(with)S
720 H
5628 V
720(the)S
889(subject)S
1219(on)S
1366(the)S
1535(client)S
1804(system.)S
2184(The)S
2386(ACCESS)S
2812(procedure)S
3257(call)S
3447(returns)S
3770(the)S
3938(server's)S
4299(assessment)S
4789(of)S
4918(the)S
720 H
5748 V
720(subject's)S
1105(access)S
1389(capabilities.)S
720 H
5904 V
720(The)S
926(information)S
1449(label)S
1694(adjustment)S
2184(policy)S
2485(is)S
2603(supported,)S
3073(since)S
3329(the)S
3503(AUTH_MLS)S
4088(credential)S
4533(contains)S
4918(the)S
720 H
6024 V
720(subject's)S
1123(information)S
1643(label,)S
1910(and)S
2102(the)S
2272(TNFS)S
2565(reply)S
2818(message)S
3204(contains)S
3585(an)S
3727(extended)S
4135(\256le)S
4311(attribute)S
4691(structure)S
720 H
6144 V
720(which)S
1000(includes)S
1369(the)S
1527(\256le)S
1692(object's)S
2045(information)S
2554(label.)S
2840(Note)S
3071(that)S
3258(the)S
3417(subject's)S
3809(information)S
4318(label)S
4549(may)S
4758(require)S
720 H
6264 V
720(adjustment)S
1193(as)S
1310(a)S
1388(result)S
1644(of)S
1761(reading)S
2094(a)S
2172(remote)S
2483(\256le)S
2644(\(READ\),)S
3040(reading)S
3372(a)S
3449(remote)S
3759(directory)S
4152(\(READDIR\),)S
4720(or)S
4836(read-)S
720 H
6384 V
720(ing)S
882(a)S
960(remote)S
1271(symbolic)S
1672(link)S
1862(\(READLINK\).)S
2527(A)S
2633(remote)S
2944(\256le's)S
3178(\(object\))S
3522(information)S
4028(label)S
4256(may)S
4462(be)S
4590(adjusted)S
4957(as)S
720 H
6504 V
720(a)S
801(result)S
1060(of)S
1180(SETATTR,)S
1681(WRITE,)S
2059(CREATE,)S
2510(RENAME,)S
2994(LINK,)S
3294(SYMLINK,)S
3811(and)S
3992(MKDIR)S
4361(TNFS)S
4642(procedure)S
720 H
6624 V
720(calls.)S
720 H
6780 V
720(File)S
914(names)S
1207(may)S
1417(now)S
1627(be)S
1759(protected)S
2168(by)S
2306(MLS)S
2550(policy)S
2838(with)S
3055(the)S
3216(introduction)S
3744(of)S
3866(\256le)S
4033(name)S
4288(security)S
4643(attributes,)S
720 H
6900 V
720(and)S
894(the)S
1046(SETLABEL)S
1576(procedure.)S
720 H
7056 V
720(Finally,)S
1059(MultiLevel)S
1539(Directories)S
2012(are)S
2163(accommodated.)S
5139(|)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 13])S
7920 V
EP
%%Page: 14 14
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
10 B
720(3.4.7.)S
1005(TNFS)S
1291(Access)S
1603(Control)S
1966(Policy)S
720 H
996 V
10 R
720(The)S
905(access)S
1189(control)S
1502(policy)S
1782(recommended)S
2377(by)S
2507(this)S
2682(proposal)S
3056(may)S
3258(be)S
3382(stated)S
3645(as)S
3758(follows:)S
720 H
1152 V
970(o)S
1220(a)S
1298(client)S
1554(system)S
1866(shall)S
10 I
2089(always)S
10 R
2401(apply)S
2657(the)S
2813(access)S
3101(control)S
3418(policy)S
3702(to)S
3814(a)S
3892(local)S
4120(request)S
4443(for)S
4594(access)S
4883(to)S
4996(a)S
720 H
1272 V
1220(local)S
1444(resource,)S
720 H
1428 V
970(o)S
1220(a)S
1297(server)S
1573(system)S
1884(shall)S
10 I
2106(always)S
10 R
2417(apply)S
2672(the)S
2827(access)S
3114(control)S
3430(policy)S
3713(to)S
3824(a)S
3901(local)S
4128(request)S
4449(for)S
4598(access)S
4885(to)S
4996(a)S
720 H
1548 V
1220(local)S
1444(resource,)S
720 H
1704 V
970(o)S
1220(a)S
1298(server)S
1575(system)S
1887(shall)S
10 I
2110(always)S
10 R
2423(apply)S
2680(the)S
2837(access)S
3126(control)S
3444(policy)S
3729(to)S
3842(a)S
3921(remote)S
4233(access)S
4522(request)S
4845(for)S
4996(a)S
720 H
1824 V
1220(local)S
1444(resource,)S
1836(and)S
720 H
1980 V
970(o)S
1220(a)S
1299(client)S
1556(system)S
10 I
1869(may)S
2070(\(temporarily\))S
10 R
2643(apply)S
2900(the)S
3057(access)S
3346(control)S
3664(policy)S
3949(to)S
4063(a)S
4143(locally)S
4451(cached)S
4763(remote)S
720 H
2100 V
1220(resource,)S
1612(i)S
1640 H
	(f)show 10 -.5 mul h (f)show
10 R
1701(:)S
720 H
2256 V
1220(*)S
1470(client)S
1722(security)S
2068(attribute)S
2431(caching)S
2771(support)S
3101(is)S
3198(included)S
3572(in)S
3680(the)S
3832(implementation,)S
4515(and)S
720 H
2412 V
1220(*)S
1470(a)S
1544(client)S
1796(security)S
2142(attribute)S
2505(caching)S
2845(policy)S
3125(is)S
3222(enabled)S
3562(by)S
3692(the)S
3844(host)S
4041(security)S
4387(o)S
4437 H
	(f)show 10 -.5 mul h (\256)show
10 R
4521(cer)S
720 H
2568 V
720(This)S
930(TNFS)S
1207(access)S
1493(control)S
1808(policy)S
2090(ensures)S
2421(that)S
2603(no)S
2735(access)S
3021(will)S
3209(be)S
3335(made)S
3583(without)S
3921(the)S
4076(application)S
4553(of)S
4669(appropri-)S
720 H
2688 V
720(ate)S
866(access)S
1150(control.)S
720 H
2928 V
10 B
720(3.4.8.)S
1005(TNFS)S
1291(Auditing)S
1700(Policy)S
720 H
3084 V
10 R
720(The)S
909(auditing)S
1271(policy)S
1555(recommended)S
2154(by)S
2288(this)S
2467(proposal)S
2845(is)S
2946(stated)S
3213(as)S
3330(follows.)S
3689(When)S
3961(the)S
4117(security)S
4467(auditing)S
4830(func-)S
720 H
3204 V
720(tion)S
906(is)S
1003(enabled:)S
720 H
3360 V
970(o)S
10 B
1220(an)S
1356(implementation)S
2058(shall:)S
720 H
3516 V
10 R
1220(\(1\))S
1470(audit)S
1700(all)S
1830(local)S
2054(requests)S
2411(for)S
2557(local)S
2781(\256le)S
2939(access:)S
720 H
3672 V
1470(>)S
1720(a)S
1794(client)S
2046(system)S
2354(shall)S
10 I
2573(always)S
10 R
2881(audit)S
3111(a)S
3185(local)S
3409(request)S
3727(for)S
3873(access)S
4157(to)S
4265(a)S
4339(local)S
4563(resource,)S
720 H
3828 V
1470(>)S
1720(a)S
1794(server)S
2067(system)S
2375(shall)S
10 I
2594(always)S
10 R
2902(audit)S
3132(a)S
3206(local)S
3430(request)S
3748(for)S
3894(access)S
4178(to)S
4286(a)S
4360(local)S
4584(resource)S
720 H
3984 V
1220(\(2\))S
1470(provide)S
1805(the)S
10 B
1957(capability)S
10 R
2410(to)S
2518(audit)S
2748(all)S
2878(remote)S
3185(\256le)S
3343(access)S
3627(requests:)S
720 H
4140 V
1470(>)S
1720(the)S
1876(client)S
2132(shall)S
2355(support)S
2689(the)S
2845(capability)S
3273(to)S
3385(audit)S
3619(local)S
3848(requests)S
4210(for)S
4361(access)S
4650(to)S
4763(remote)S
720 H
4260 V
1720(resources)S
2126(on)S
2256(a)S
2330(server,)S
2628(and)S
720 H
4416 V
1470(>)S
1720(the)S
1874(server)S
2149(shall)S
2370(support)S
2703(the)S
2858(capability)S
3285(to)S
3396(audit)S
3629(remote)S
3939(requests)S
4299(for)S
4448(access)S
4735(to)S
4846(local)S
720 H
4536 V
1720(resources)S
2126(on)S
2256(the)S
2408(server)S
4504 V
8 R
2651(8)S
720 H
4692 V
10 R
1220(\(3\))S
1470(enable)S
1760(client)S
2012(system)S
2320(auditing)S
2678(of)S
2791(local)S
3015(requests)S
3372(for)S
3518(access)S
3802(to)S
3910(remote)S
4217(\256les)S
4414(by)S
4544(default)S
720 H
4848 V
720(Thus,)S
975(when)S
1221(the)S
1373(security)S
1719(auditing)S
2077(function)S
2440(is)S
2537(enabled:)S
720 H
5004 V
970(o)S
1220(all)S
1350(local)S
1574(requests)S
1931(for)S
2077(access)S
2361(to)S
2469(local)S
2693(\256les)S
2890(are)S
3041(audited,)S
720 H
5160 V
970(o)S
1220(client)S
1472(system)S
1780(requests)S
2137(for)S
2283(access)S
2567(to)S
2675(remote)S
2982(\256les)S
3179(are)S
3330(audited)S
5128 V
8 R
3624(9)S
720 H
5316 V
10 R
970(o)S
1220(the)S
1372(capability)S
1796(to)S
1904(audit)S
2134(remote)S
2441(\256le)S
2599(access)S
2883(by)S
3013(both)S
3221(client)S
3473(and)S
3647(server)S
3920(is)S
4017(provided:)S
720 H
5472 V
1220(*)S
1470(client)S
1741(system)S
2068(auditing)S
2445(may)S
2666(be)S
2809(enabled)S
3168(to)S
3295(audit)S
3544(local)S
3788(requests)S
4165(for)S
4331(access)S
4635(to)S
4763(remote)S
720 H
5592 V
1470(resources;)S
1904(client)S
2156(system)S
2464(auditing)S
2822(is)S
2919(enabled)S
3259(by)S
3389(default,)S
720 H
5748 V
1220(*)S
1470(server)S
1760(system)S
2085(auditing)S
2460(may)S
2680(be)S
2822(enabled)S
3180(to)S
3306(audit)S
3554(remote)S
3879(requests)S
4254(for)S
4418(access)S
4720(to)S
4846(local)S
720 H
5868 V
1470(resources)S
720 H
6024 V
970(o)S
1220(enabling)S
1596(of)S
1711(the)S
1865(remote)S
2174(\256le)S
2334(access)S
2620(auditing)S
2980(capability)S
3406(shall)S
3627(be)S
3753(supported)S
4179(by)S
4311(a)S
4387(system)S
4697(manage-)S
720 H
6144 V
1220(ment)S
1450(operation)S
720 H
6300 V
720(This)S
930(TNFS)S
1207(policy)S
1489(ensures)S
1820(that)S
2002(each)S
2216(TNFS)S
2493(host)S
2692(shall)S
2913(audit)S
3145(local)S
3371(requests)S
3731(for)S
3880(local)S
4107(\256le)S
4268(access,)S
4580(each)S
4795(TNFS)S
720 H
6420 V
720(client)S
980(system)S
1296(shall)S
1523(audit)S
1761(requests)S
2126(for)S
2280(remote)S
2595(\256le)S
2761(access)S
3053(\(by)S
3224(default\),)S
3597(and)S
3779(both)S
3995(TNFS)S
4278(clients)S
4577(and)S
4758(servers)S
720 H
6540 V
720(shall)S
943(have)S
1165(the)S
1321(cability)S
1655(to)S
1767(enable)S
2061(auditing)S
2423(of)S
2540(remote)S
2852(\256le)S
3015(access)S
3304(activity.)S
3694(In)S
3812(a)S
3891(given)S
4148(network)S
4510(environment,)S
720 H
6660 V
720(it)S
817(may)S
1030(be)S
1165(desirable)S
1566(to)S
1685(optionally)S
2132(disable)S
2456(auditing)S
2825(of)S
2949(remote)S
3267(access)S
3562(on)S
3703(either)S
3970(the)S
4132(client)S
4394(or)S
4517(the)S
4679(server)S
4962(to)S
720 H
6760 V
8 Y1
720(333333333333333333)S
720 H
6854 V
6 R
820(8)S
6878 V
8 R
890(This)S
1063(option)S
1298(may)S
1466(require)S
1721(the)S
1849(auditing)S
2141(of)S
2238(the)S
2366(speci\256c)S
2640(TNFS)S
2868(protocol)S
3165(procedure)S
3514(calls,)S
3711(since)S
3906(the)S
4035(protocol)S
4332(procedures)S
720 H
6978 V
720(are)S
840(not)S
966(translated)S
1298(into)S
1446(actual)S
1659("system)S
1937(calls")S
2139(in)S
2225(many)S
2426(server)S
2643(implementations.)S
720 H
7072 V
6 R
820(9)S
7096 V
8 R
890(This)S
1056(is)S
1133(the)S
1254(default)S
1498(policy;)S
1743(site)S
1877(speci\256c)S
2144(auditing)S
2429(policies)S
2700(are)S
2820(established)S
3197(by)S
3301(the)S
3422(site)S
3556(security)S
3831(o)S
3871 H
	(f)show 8 -.5 mul h (\256)show
8 R
3938(cer.)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4650([Page 14])S
7920 V
EP
%%Page: 15 15
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
720(avoid)S
972(duplication.)S
720 H
1080 V
10 B
720(3.4.9.)S
1005(The)S
1202(Extended)S
1638(Attribute)S
2067(Cache)S
720 H
1236 V
10 R
720(NFS)S
936(caching)S
1278(strategies)S
1687(are)S
1840(implementation)S
2500(speci\256c,)S
2862(and)S
3038(are)S
3191(not)S
3351(part)S
3538(of)S
3653(the)S
3808(NFS)S
4025(protocol.)S
4446(Caching)S
4812(is)S
4912(not)S
720 H
1356 V
720(required)S
1084(to)S
1194(support)S
1526(TNFS)S
1803(interoperability.)S
2506(This)S
2715(speci\256cation)S
3251(will)S
3438(therefore)S
3828(not)S
3987(include)S
4312(speci\256c)S
4648(details)S
4940(on)S
720 H
1476 V
720(the)S
873(issue)S
1104(of)S
1219(attribute)S
1584(caching.)S
1981(However,)S
2403(since)S
2640(the)S
2794(caching)S
3136(mechanisms)S
3662(are)S
3815(included)S
4191(in)S
4301(the)S
4455(NFS)S
4671(reference)S
720 H
1596 V
720(source)S
1015(code)S
1238(releases,)S
1613(and)S
1792(since)S
2032(attribute)S
2400(caching)S
2745(is)S
2847(critical)S
3159(for)S
3310(achieving)S
3733(NFS)S
3951(performance)S
4488(goals,)S
4758(several)S
720 H
1716 V
720(suggestions)S
1217(are)S
1368(included)S
1742(in)S
1850(this)S
2025(section.)S
720 H
1872 V
720(In)S
846(most)S
1084(NFS)S
1311(client)S
1576(implementations,)S
2311(remote)S
2631(\256le)S
2802(attributes)S
3217(are)S
3382(cached)S
3702(on)S
3846(the)S
4012(client,)S
4303(improving)S
4764(perfor-)S
720 H
1992 V
720(mance)S
1018(and)S
1200(reducing)S
1587(network)S
1951(tra)S
2056 H
	(f)show 10 -.5 mul h (\256)show
10 R
2140(c.)S
2276(The)S
2468(attribute)S
2838(cache)S
3101(is)S
3205(updated)S
3558(frequently,)S
4030(as)S
4150(most)S
4382(NFS)S
4603(procedures)S
720 H
2112 V
720(return)S
988(\256le)S
1146(attributes)S
1548(along)S
1800(with)S
2008(other)S
2243(requested)S
2655(information.)S
720 H
2268 V
720(A)S
826(client)S
1082(side)S
1277(cache)S
1537(for)S
1687(the)S
1843(extended)S
2237(security)S
2588(\256le)S
2751(attributes)S
3158(should)S
3460(also)S
3656(be)S
3785(considered)S
4252(for)S
4403(similar)S
4716(reasons.)S
720 H
2388 V
720(Since)S
986(all)S
1130(of)S
1257(the)S
1423(\256le's)S
1667(security)S
2027(attributes)S
2443(are)S
2608(returned)S
2984(with)S
3206(each)S
3431(TNFS)S
3719(\256le)S
3890(access)S
4187(request,)S
4543(an)S
4680(extended)S
720 H
2508 V
720(security)S
1066(attribute)S
1429(cache)S
1685(can)S
1853(now)S
2055(be)S
2179(maintained)S
2653(on)S
2783(the)S
2935(client.)S
720 H
2664 V
720(Extending)S
1171(the)S
1333(attribute)S
1706(validation)S
2146(procedure)S
2584(to)S
2702(include)S
3036(validating)S
3476(the)S
3638(security)S
3995(\256le)S
4164(attributes)S
4577(permits)S
4918(the)S
720 H
2784 V
720(complete)S
1119(set)S
1263(of)S
1379(\256le)S
1540(attributes)S
1945(to)S
2056(be)S
2183(checked)S
2542(and)S
2719(refreshed)S
3122(if)S
3216(they)S
3421(are)S
3574(no)S
3706(longer)S
3993(valid.)S
4280(If)S
4378(the)S
4532(\256le's)S
4764(cached)S
720 H
2904 V
720(attributes)S
1133(are)S
1295(not)S
1464(valid,)S
1731(a)S
10 B
1817(GETATTR)S
10 R
2349(procedure)S
2789(call)S
2975(can)S
3155(be)S
3291(made.)S
3604(The)S
3801(TNFS)S
4088(reply)S
4335(to)S
4455(this)S
4642(procedure)S
720 H
3024 V
720(now)S
925(includes)S
1291(the)S
1446(complete)S
1845(set)S
1989(of)S
2105(\256le)S
2266(attribute)S
2632(information,)S
3162(permitting)S
3612(all)S
3745(of)S
3861(the)S
4016(\256le's)S
4249(cached)S
4558(attributes)S
4962(to)S
720 H
3144 V
720(be)S
860(refreshed.)S
1331(Cached)S
1676(attribute)S
2055(entries)S
2367(shall)S
2602(be)S
2742(aged)S
2976(and)S
3167(eventually)S
3630(\257ushed)S
3966(unless)S
4263(refreshed.)S
4705(If)S
4818(client)S
5139(|)S
720 H
3264 V
720(caching)S
1060(is)S
1157(enabled,)S
1522(then)S
1724(per)S
1881(process)S
2210(cached)S
2516(attribute)S
2879(entries)S
3175(shall)S
3394(be)S
3518(maintained.)S
5139(|)S
720 H
3420 V
720(Note)S
945(again)S
1192(that)S
1373(an)S
1498(attribute)S
1862(caching)S
2204(policy)S
2486(is)S
2585(not)S
2745(part)S
2932(of)S
3047(the)S
3201(protocol,)S
3591(and)S
3767(is)S
3866(an)S
3992(implementation)S
4652(technique)S
720 H
3540 V
720(used)S
937(to)S
1049(improve)S
1415(performance.)S
2006(During)S
2322(the)S
2477(window)S
2832(of)S
2948(time)S
3159(that)S
3342(the)S
3497(cache)S
3756(entry)S
3994(is)S
4094(valid,)S
4352(the)S
4507(client)S
4762(system)S
720 H
3660 V
720(applies)S
1034(the)S
1187(MLS)S
1424(access)S
1709(control)S
2023(policies)S
2365(on)S
2496(behalf)S
2776(of)S
2891(the)S
3045(server.)S
3345(It)S
3438(is)S
3537(recommended)S
4134(that)S
4316(if)S
4409(an)S
4535(implementa-)S
720 H
3780 V
720(tion)S
913(supports)S
1289(the)S
1448(use)S
1618(of)S
1738(client)S
1997(side)S
2195(attribute)S
2565(caching,)S
2937(it)S
3030(shall)S
3256(also)S
3454(support)S
3791(a)S
3872(mechanism)S
4363(for)S
4515(disabling)S
4918(the)S
720 H
3900 V
720(attribute)S
1083(cache.)S
1364(Speci\256c)S
1716(implementation)S
2374(details)S
2665(are)S
2816(provided)S
3201(in)S
3309([4].)S
720 H
4140 V
10 B
720(4.)S
855(Related)S
1212(Requirements)S
1841(and)S
2033(Expectations)S
720 H
4296 V
10 R
720(This)S
929(speci\256cation)S
1465(addresses)S
1878(extensions)S
2331(the)S
2484(NFS)S
2700(V2)S
2854(protocol)S
3219(which)S
3495(accommodate)S
4081(network)S
4440(\256le)S
4600(access)S
4886(in)S
4996(a)S
720 H
4416 V
720(trusted,)S
1067(MLS)S
1323(network)S
1700(environment.)S
2310(Expectations)S
2876(for)S
3042(the)S
3213(environment)S
3767(for)S
3932(which)S
4225(this)S
4419(speci\256cation)S
4973(is)S
720 H
4536 V
720(applicable)S
1160(include:)S
720 H
4692 V
970(o)S
1220(the)S
1372(TNFS)S
1647(network)S
2004(environment)S
2539(is)S
2636(a)S
2710(trusted)S
3012(environment:)S
720 H
4848 V
1220(>)S
1470(TNFS)S
1745(authentication)S
2341(and)S
2515(message)S
2883(integrity)S
3252(support)S
3582(shall)S
3801(not)S
3959(be)S
4083(required)S
720 H
5004 V
1220(>)S
1470(use)S
1634(of)S
1748(TNFS)S
2024(in)S
2133(an)S
2258(untrusted)S
2661(environment)S
3197(\(i.e.)S
3383(commercial)S
3885(network)S
4243(environment\))S
4813(is)S
4912(not)S
720 H
5124 V
1470(addressed)S
1893(by)S
2023(this)S
2198(speci\256cation)S
720 H
5280 V
970(o)S
1220(other,)S
1482(related)S
1785(RPC)S
2007(services)S
2360(are)S
2513(required)S
2878(to)S
2989(support)S
3322(the)S
3477(execution)S
3898(of)S
4014(NFS;)S
4259(these)S
4497(services)S
4851(shall)S
720 H
5400 V
1220(support)S
1564(the)S
1730(AUTH_MLS)S
2307(credential)S
2744(\257avor,)S
3045(but)S
3216(may)S
3431(also)S
3635(support)S
3978(alternative)S
4442(policies)S
4796(which)S
720 H
5520 V
1220(make)S
1466(use)S
1629(of)S
1742(other)S
1977(authentication)S
2573(\257avors:)S
720 H
5676 V
1220(>)S
1470(the)S
1651(token)S
1933(management)S
2503(service)S
2845(is)S
2972(required)S
3364(to)S
3502(translate)S
3900(security)S
4276(attributes)S
4708(between)S
720 H
5796 V
1470(expanded)S
1882(and)S
2056(tokenized)S
2474(formats)S
2809([5],)S
720 H
5952 V
1220(>)S
1470(the)S
1622(mount)S
1908(service)S
2220(is)S
2317(required)S
2679(to)S
2787(support)S
3117(NFS)S
3331(mount)S
3617(requests,)S
720 H
6108 V
1220(>)S
1470(the)S
1628(lock)S
1836(manager)S
2215(and)S
2395(status)S
2659(monitor)S
3012(services)S
3369(are)S
3526(required)S
3894(to)S
4008(support)S
4345(NFS)S
4566(\256le)S
4731(and)S
4912(\256le)S
720 H
6228 V
1470(region)S
1755(locking)S
720 H
6384 V
970(o)S
1220(client)S
1472(side)S
1663(mounts)S
1988(shall)S
2207(be)S
2331(restricted)S
2732(to)S
2840(the)S
2992(server's)S
3337(exported)S
3716(mount)S
4002(points:)S
720 H
6540 V
1220(>)S
1470(client)S
1737(requests)S
2109(to)S
2233(mount)S
2535(a)S
2625(subdirectory)S
3170(which)S
3460(resides)S
3783(below)S
4073(the)S
4241(export)S
4542(point)S
4794(in)S
4918(the)S
720 H
6660 V
1470(server's)S
1815(exported)S
2194(directory)S
2584(shall)S
2803(be)S
2927(denied,)S
720 H
6816 V
1220(>)S
1470(without)S
1812(this)S
1993(restriction,)S
2459(client)S
2717(access)S
3007(to)S
3122(server)S
3402(\256les)S
3606(mounted)S
3993(below)S
4274(the)S
4433(server's)S
4785(export)S
720 H
6936 V
1470(point)S
1720(bypass)S
2036(the)S
2202(authorization)S
2773(checks)S
3088(which)S
3376(would)S
3670(otherwise)S
4102(have)S
4333(been)S
4564(made)S
4823(using)S
720 H
7056 V
1470(the)S
1622(access)S
1906(modes)S
2197(of)S
2310(the)S
2462(\256le)S
2620(components)S
3133(located)S
3451(higher)S
3736(in)S
3844(the)S
3996(server's)S
4341(exported)S
4720(tree)S
7024 V
8 R
4869(10)S
720 H
7156 V
8 Y1
720(333333333333333333)S
720 H
7250 V
6 R
820(10)S
7274 V
8 R
920(Note)S
1111(that)S
1266(appropriate)S
1663(use)S
1805(of)S
1907(symbolic)S
2235(links)S
2426(on)S
2543(the)S
2677(client)S
2890(will)S
3051(result)S
3264(in)S
3363(a)S
3435(client)S
3648(\256le)S
3787(name)S
3996(space)S
4209(similar)S
4466(to)S
4565(one)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4650([Page 15])S
7920 V
EP
%%Page: 16 16
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
970(o)S
1220(most)S
1452(\256le)S
1617(access)S
1908(will)S
2101(take)S
2304(place)S
2551(between)S
2920(MLS)S
3163(modi\256ed)S
3556(clients)S
3854(and)S
4035(servers,)S
4380(but)S
4546(some)S
4795(TNFS)S
720 H
960 V
1220(systems)S
1570(will)S
1759(continue)S
2136(to)S
2246(interoperate)S
2754(with)S
2964(NFS)S
3180(V2)S
3334(systems)S
3683(through)S
4026(the)S
4180(use)S
4345(of)S
4460(an)S
4586(appropriate)S
720 H
1080 V
1220(policy;)S
1547(for)S
1712(example,)S
2124(a)S
2217(\256lter)S
2455(or)S
2587(gateway)S
2968(could)S
3239(be)S
3382(placed)S
3692(between)S
4074(a)S
4168(MLS)S
4424(system)S
4752(and)S
4946(an)S
720 H
1200 V
1220(unmodi\256ed)S
1715(system)S
2032(to)S
2148(insert)S
2408(or)S
2529(delete)S
2805(appropriate)S
3297(security)S
3651(attribute)S
4022(information)S
4532(on)S
4670(behalf)S
4957(of)S
720 H
1320 V
1220(the)S
1372(unmodi\256ed)S
1858(system)S
720 H
1560 V
1220(note)S
1432(that)S
1622(client)S
1884(system)S
2202(auditing)S
2570(information)S
3082(will)S
3278(not)S
3447(be)S
3582(supplied)S
3962(for)S
4119(remote)S
4437(\256le)S
4606(access)S
4901(ini-)S
720 H
1680 V
1220(tiated)S
1479(from)S
1710(an)S
1840(unmodi\256ed)S
2332(NFS)S
2552(client;)S
2838(enabling)S
3218(server)S
3497(system)S
3811(auditing)S
4175(should)S
4478(be)S
4608(considered)S
720 H
1800 V
1220(by)S
1350(the)S
1502(security)S
1848(o)S
1898 H
	(f)show 10 -.5 mul h (\256)show
10 R
1982(cer)S
2133(to)S
2241(support)S
2571(these)S
2806(con\256gurations)S
720 H
1956 V
970(o)S
1220(a)S
1299(TNFS)S
1579(client)S
1836(should)S
2139(not)S
2303(send)S
2522(any)S
2702(security)S
3054(extended)S
3450(NFS)S
3670(procedure)S
4104(calls)S
4323(to)S
4437(a)S
4517(server)S
4796(which)S
720 H
2076 V
1220(does)S
1451(not)S
1627(support)S
1974(this)S
2166(service;)S
2523(a)S
2614(TNFS)S
2906(client)S
3175(should)S
3489(also)S
3697(refrain)S
4009(from)S
4250(sending)S
4608(extraneous)S
720 H
2196 V
1220(security)S
1566(attribute)S
1929(information)S
2431(to)S
2539(a)S
2613(TNFS)S
2888(server)S
3161(that)S
3341(does)S
3554(not)S
3712(support)S
4042(those)S
4283(attributes)S
720 H
2352 V
970(o)S
1220(additional)S
1660(TCB)S
1895(information)S
2320 V
8 R
2367(11)S
2352 V
10 R
2487(is)S
2594(maintained)S
3078(by)S
3218(each)S
3440(MLS)S
3686(system)S
4004(to)S
4122(support)S
4462(trusted)S
4774(intero-)S
720 H
2472 V
1220(perability)S
1633([10];)S
1857(for)S
2003(example,)S
2396(each)S
2608(MLS)S
2844(host)S
3041(may:)S
720 H
2628 V
1220(>)S
1470(maintain)S
1850(a)S
1924(list)S
2077(of)S
2190(the)S
2342(hosts)S
2578(which)S
2852(it)S
2938(will)S
3124(communicate)S
3692(with,)S
720 H
2784 V
1220(>)S
1470(maintain)S
1858(the)S
2018(set)S
2167(of)S
2288(security)S
2643(attributes)S
3054(which)S
3337(it)S
3432(expects)S
3770(to)S
3887(use)S
4059(in)S
4176(the)S
4337(exchange)S
4752(of)S
4874(data)S
720 H
2904 V
1470(with)S
1678(a)S
1752(given)S
2004(host,)S
2226(and)S
720 H
3060 V
1220(>)S
1470(maintain)S
1859(the)S
2020(speci\256c)S
2364(translation)S
2825(scheme)S
3163(or)S
3285(schemes)S
3663(which)S
3947(will)S
4143(be)S
4277(used)S
4500(in)S
4618(translating)S
720 H
3180 V
1470(tokens)S
1761(with)S
1969(a)S
2043(given)S
2295(host)S
2492([5])S
720 H
3336 V
970(o)S
1220(the)S
1385(security)S
1744(information)S
2259(de\256ned)S
2596(within)S
2896(the)S
3062(AUTH_MLS)S
3639(credential)S
4076(and)S
4264(\256le)S
4436(attribute)S
4813(struc-)S
720 H
3456 V
1220(tures)S
1452(provides)S
1834(for)S
1988(the)S
2148(transfer)S
2490(of)S
2611(security)S
2965(attributes)S
3374(required)S
3743(to)S
3858(support)S
4195(MLS)S
4438(access)S
4729(policies)S
720 H
3576 V
1220(without)S
1556(requiring)S
1952(the)S
2104(underlying)S
2567(network)S
2924(layer)S
3153(to)S
3261(provide)S
3596(security)S
3942(attribute)S
4305(information:)S
720 H
3732 V
1220(>)S
1470(if)S
1571(security)S
1927(attributes)S
2339(are)S
2501(provided)S
2897(by)S
3038(both)S
3257(the)S
3420(RPC)S
3651(layer)S
3891(and)S
4076(the)S
4239(underlying)S
4713(network)S
720 H
3852 V
1470(layer,)S
1751(then)S
1980(the)S
2159(security)S
2532(attribute)S
2922(information)S
3451(provided)S
3863(by)S
4020(the)S
4199(RPC)S
4446(layer)S
4701(shall)S
4946(be)S
720 H
3972 V
1470(applied)S
1794(to)S
1902(the)S
2054(\256le)S
2212(data)S
2408(transferred)S
2869(within)S
3155(the)S
3307(RPC)S
3527(message)S
720 H
4128 V
1220(>)S
1470(transferring)S
1965(security)S
2311(attributes)S
2713(within)S
2999(the)S
3151(RPC)S
3371(layer)S
3600(provides)S
3974(for)S
4120(the)S
4272(support)S
4602(of)S
4715(a)S
4790(policy)S
720 H
4248 V
1470(where)S
1747(data)S
1947(may)S
2153(be)S
2281(transferred)S
2746(with)S
2958(a)S
3036(security)S
3386(classi\256cation)S
3942(which)S
4220(is)S
4320(di)S
4398 H
	(f)show 10 -.5 mul h (f)show
10 R
4459(erent)S
4691(from)S
4918(the)S
720 H
4368 V
1470(security)S
1820(classi\256cation)S
2376(of)S
2493(the)S
2649(network)S
3011(layer;)S
3273(for)S
3424(instance,)S
3811(\256le)S
3974(data)S
4175(with)S
4388(a)S
4467(given)S
4724(security)S
720 H
4488 V
1470(classi\256cation)S
2036(might)S
2314(\256rst)S
2514(be)S
2652(encrypted)S
3088(and)S
3275(then)S
3490(transferred)S
3964(through)S
4318(a)S
4405(network)S
4775(with)S
4996(a)S
720 H
4608 V
1470(lower)S
1727(security)S
2073(classi\256cation.)S
720 H
4764 V
1220(>)S
1470(support)S
1812(for)S
1970(the)S
2134(transfer)S
2480(of)S
2605(MAC)S
2875(sensitivity)S
3329(labels)S
3604(for)S
3762(the)S
3926(Internet)S
4278(Protocol)S
4659(Suite)S
4907(has)S
720 H
4884 V
1470(been)S
1688(addressed)S
2111(by)S
2241(the)S
2393(CIPSO)S
2707([11],)S
2928(and)S
3102(IPSO)S
3349([12])S
3545(documents)S
5139(|)S
720 H
5124 V
10 B
720(5.)S
855(Conclusion)S
720 H
5280 V
10 R
720(This)S
937(document)S
1371(describes)S
1782(the)S
1944(set)S
2095(of)S
2218(extensions)S
2680(which)S
2964(support)S
3304(network)S
3671(\256le)S
3839(access)S
4133(in)S
4251(a)S
4335(network)S
4702(environ-)S
720 H
5400 V
720(ment)S
955(consisting)S
1396(of)S
1514(MLS)S
1755(systems)S
2107(using)S
2359(the)S
2516(proposed)S
2917(TNFS)S
3197(protocol)S
3565(extensions.)S
4047(Unmodi\256ed)S
4560(NFS)S
4779(clients)S
720 H
5520 V
720(and)S
894(servers)S
1206(are)S
1357(supported)S
1781(using)S
2028(the)S
2180(de)S
2304(facto)S
2533(NFS)S
2747(V2)S
2899(protocol.)S
720 H
5676 V
720(With)S
951(the)S
1104(previously)S
1557(de\256ned)S
1882(extensions,)S
2360(the)S
2513(MLS)S
2750(network)S
3108(\256le)S
3267(access)S
3552(requirements)S
4104(are)S
4256(met.)S
4493(The)S
4680(extended)S
720 H
5796 V
720(structure)S
1103(de\256nitions)S
1560(support)S
1894(the)S
2050(DAC)S
2295(and)S
2473(MAC)S
2735(attributes)S
3141(required)S
3507(for)S
3657(modifying)S
4108(or)S
4225(displaying)S
4675(the)S
4830(secu-)S
720 H
5916 V
720(rity)S
892(attribute)S
1258(information.)S
1788(The)S
1977(enhanced)S
2387(\256le)S
2549(open)S
2777(operation)S
3188(and)S
3366(the)S
3522(information)S
4028(label)S
4256(adjustment)S
4729(policies)S
720 H
6036 V
720(are)S
871(also)S
1062(supported.)S
720 H
6192 V
720(Thus,)S
985(a)S
1069(small)S
1326(set)S
1477(of)S
1600(extensions)S
2062(to)S
2180(the)S
2342(NFS)S
2566(V2)S
2728(environment)S
3273(permits)S
3613(MLS)S
3859(access)S
4153(control)S
4476(policies)S
4827(to)S
4946(be)S
720 H
6312 V
720(supported.)S
1212(Agreement)S
1698(on)S
1841(these)S
2089(changes)S
2453(will)S
2652(permit)S
2955(the)S
3119(current)S
3443(base)S
3662(of)S
3787(NFS)S
4013(clients)S
4316(and)S
4502(servers)S
4826(to)S
4946(be)S
720 H
6432 V
720(accommodated)S
1367(in)S
1488(the)S
1653(secure)S
1950(environment)S
2498(with)S
2720(no)S
2864(changes,)S
3254(and)S
3442(for)S
3602(TNFS)S
3891(modi\256ed)S
4291(systems)S
4652(to)S
4774(intero-)S
720 H
6552 V
720(perate)S
993(using)S
1240(MLS)S
1476(policies.)S
720 H
6862 V
8 Y1
720(333333333333333333)S
720 H
6962 V
8 R
720(previously)S
1080(constructed)S
1470(by)S
1574(mounting)S
1904(subdirectories)S
2373(of)S
2463(exported)S
2765(server)S
2982(\256le)S
3108(trees.)S
720 H
7056 V
6 R
820(11)S
7080 V
8 R
920(Note)S
1099(that)S
1242(this)S
1381(information)S
1780(is)S
1857(needed)S
2106(by)S
2210(all)S
2313(trusted)S
2553(network)S
2838(applications,)S
3266(and)S
3405(is)S
3482(not)S
3608(limited)S
3857(to)S
3943(NFS)S
4115(\256le)S
4241(access.)S
720 H
7680 V
10 R
720(TSIG-TNFS-001.2.03)S
4650([Page 16])S
7920 V
EP
%%Page: 17 17
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
840 V
10 B
720(6.)S
855(Acknowledgements)S
720 H
996 V
10 R
720(I)S
787(would)S
1071(like)S
1255(to)S
1367(acknowledge)S
1927(the)S
2083(members)S
2483(of)S
2600(the)S
2756(ITEF/TSIG)S
3251(NFS)S
3469(Subcommittee,)S
4106(who)S
4312(were)S
4540(instrumental)S
720 H
1116 V
720(in)S
838(evolving)S
1228(the)S
1390(MLS)S
1636(extended)S
2036(NFS)S
2260(Protocol)S
2639(Speci\256cation)S
3201(from)S
3435(the)S
3597(original)S
3948(proposal.)S
4357(Many)S
4629(comments)S
720 H
1236 V
720(were)S
948(also)S
1144(made)S
1395(during)S
1691(the)S
1848(review)S
2154(of)S
2272(the)S
2429(later)S
2641(drafts)S
2903(which)S
3183(greatly)S
3496(improved)S
3915(the)S
4073(speci\256cation's)S
4686(readabil-)S
720 H
1356 V
720(ity.)S
931(Contributing)S
1493(IETF)S
1754(TNFS)S
2049(working)S
2432(group)S
2715(members)S
3131(include)S
3475(Je)S
3558 H
	(f)show 10 -.5 mul h (f)show
10 R
3669(Edelheit,)S
4077(Fran)S
4310(Fadden,)S
4679(Jonathon)S
5139(|)S
720 H
1476 V
720(Fraser,)S
1034(Ali)S
1202(Gohshan,)S
1622(Carl)S
1834(Smith,)S
2139(Mark)S
2395(Saake,)S
2698(Dave)S
2948(Summers,)S
3391(and)S
3575(Charlie)S
3910(Watt.)S
4200(I'd)S
4357(also)S
4559(like)S
4750(to)S
4869(ack-)S
720 H
1596 V
720(nowledge)S
1141(the)S
1296(contributions)S
1857(of)S
1973(the)S
2127(original)S
2470(members)S
2868(of)S
2983(the)S
3137(TSIG)S
3391(Trusted)S
3728(NFS)S
3944(working)S
4309(group:)S
4602(in)S
4712(addition)S
720 H
1716 V
720(to)S
837(the)S
998(above,)S
1300(these)S
1544(members)S
1949(included)S
2332(Morgan)S
2687(Clark,)S
2973(Tricia)S
3250(Jordan,)S
3580(Will)S
3798(Lees,)S
4051(Scott)S
4297(Norton,)S
4645(and)S
4829(Mike)S
720 H
1836 V
720(Shipley.)S
720 H
1992 V
720(The)S
914(speci\256cation)S
1458(was)S
1652(also)S
1852(reviewed)S
2256(by)S
2395(numerous)S
2828(persons)S
3172(outside)S
3500(of)S
3622(the)S
3783(subcommittee.)S
4409(I)S
4482(would)S
4772(like)S
4962(to)S
720 H
2112 V
720(acknowledge)S
1276(these)S
1511(persons)S
1846(as)S
1959(well,)S
2186(as)S
2299(a)S
2373(number)S
2708(of)S
2821(their)S
3034(comments)S
3475(are)S
3626(also)S
3817(re\257ected)S
4190(in)S
4298(the)S
4450(\256nal)S
4658(version.)S
720 H
2352 V
10 B
720(7.)S
855(Author's)S
1268(Address)S
720 H
2508 V
10 R
720(Fred)S
933(Glover)S
720 H
2628 V
720(Digital)S
1028(Equipment)S
1497(Corporation)S
720 H
2748 V
720(110)S
900(Spit)S
1092(Brook)S
1372(Road)S
1613(ZK03-3/U14)S
720 H
2868 V
720(Nashua,)S
1074(New)S
1292(Hampshire)S
1760(03062-2698)S
720 H
3108 V
720(Phone:)S
1028(603-881-0388)S
720 H
3348 V
720(EMail:)S
1028(fglover@zk3.dec.com)S
5139(|)S
720 H
3588 V
10 B
720(8.)S
855(References)S
720 H
3744 V
10 R
720([1])S
874(Sun)S
1068(Microsystems,)S
1692(Inc.,)S
1907("Network)S
2335(Filesystem)S
2807(Speci\256cation",)S
3433(RFC-1094,)S
3920(DDN)S
4175(Network)S
4563(Information)S
720 H
3864 V
970(Center,)S
1291(SRI)S
1477(International,)S
2042(Menlo)S
2333(Park,)S
2571(CA.)S
720 H
4020 V
720([2])S
877(National)S
1262(Computer)S
1703(Security)S
2077(Center,)S
2409(United)S
2722(States)S
3002(Department)S
3514(of)S
3639(Defense,)S
4032("Trusted)S
4420(Computer)S
4862(Sys-)S
720 H
4140 V
970(tems)S
1201(Evaluation)S
1676(Criteria")S
2064(National)S
2450(Computer)S
2892(Security)S
3267(Center,)S
3600(Ft.)S
3751(George)S
4086(G.)S
4225(Meade,)S
4563(MD.,)S
4815(1985,)S
720 H
4260 V
970(DoD)S
1194(5200.28-STD)S
720 H
4416 V
720([3])S
872(Defense)S
1234(Intelligence)S
1741(Agency,)S
2112(United)S
2420(States)S
2695(Department)S
3202(of)S
3321(Defense,)S
3708("Security)S
4118(Requirements)S
4709(for)S
4862(Sys-)S
720 H
4536 V
970(tem)S
1172(High)S
1423(and)S
1618(Compartmented)S
2313(Mode)S
2597(Workstations",)S
3247(Defense)S
3624(Intelligence)S
4146(Agency,)S
4532(Washington,)S
720 H
4656 V
970(D.C.,)S
1214(DIA)S
1421(document)S
1845(number)S
2180(DDS-2600-5502-87)S
720 H
4812 V
720([4])S
866(Trusted)S
1201(Systems)S
1565(Interoperability)S
2216(Group,)S
2526("The)S
2752(MLS)S
2988(NFS)S
3202(Implementor's)S
3820(Guide",)S
4160(TSIG)S
4412(Document)S
720 H
4968 V
720([5])S
880(Trusted)S
1229(Systems)S
1608(Interoperability)S
2274(Group,)S
2599("The)S
2840(MLS)S
3091(Token)S
3391(Translation)S
3891(Speci\256cation",)S
4524(TSIG)S
4791(Docu-)S
720 H
5088 V
970(ment)S
720 H
5244 V
720([6])S
873(Sun)S
1066(Microsystems,)S
1689(Inc.,)S
1903("Remote)S
2292(Procedure)S
2733(Call)S
2937(Speci\256cation",)S
3562(RFC-1057,)S
4047(DDN)S
4300(Network)S
4686(Informa-)S
720 H
5364 V
970(tion)S
1156(Center,)S
1477(SRI)S
1663(International,)S
2228(Menlo)S
2519(Park,)S
2757(CA.)S
720 H
5520 V
720([7])S
887(Sun)S
1094(Microsystems,)S
1732(Inc.,)S
1961("External)S
2392(Data)S
2632(Representation)S
3283(Speci\256cation",)S
3923(RFC-1014,)S
4423(DDN)S
4691(Network)S
720 H
5640 V
970(Information)S
1477(Center,)S
1798(SRI)S
1984(International,)S
2549(Menlo)S
2840(Park,)S
3078(CA.)S
720 H
5796 V
720([8])S
875(Clark,)S
1161(D.)S
1297(D.)S
1433(and)S
1616(David)S
1899(R.)S
2030(Wilson,)S
2383("A)S
2535(Comparison)S
3063(of)S
3185(Commercial)S
3718(and)S
3901(Military)S
4268(Computer)S
4707(Security)S
720 H
5916 V
970(Policies",)S
1401(Proceedings)S
1937(of)S
2068(the)S
2238(1987)S
2486(IEEE)S
2750(Symposium)S
3277(on)S
3425(Security)S
3806(and)S
3998(Privacy,)S
4376(IEEE)S
4640(Computer)S
720 H
6036 V
970(Society)S
1300(Press,)S
1566(Washington,)S
2104(DC.)S
720 H
6192 V
720([9])S
870(Biba,)S
1119(K.)S
1251(J.,)S
1375("Integrity)S
1795(Considerations)S
2430(for)S
2581(Secure)S
2887(Computer)S
3322(Systems",)S
3757(TR-76-372,)S
4261(Electronic)S
4706(Systems)S
720 H
6312 V
970(Division,)S
1376(Air)S
1545(Force)S
1808(Systems)S
2178(Command,)S
2656(U.S.)S
2870(Department)S
3377(of)S
3496(the)S
3654(Air)S
3823(Force,)S
4111(Hanscomb)S
4574(AFB,)S
4829(MA.,)S
720 H
6432 V
970(April)S
1211(1977)S
720 H
6588 V
720([10])S
916(Trusted)S
1251(Systems)S
1615(Interoperability)S
2266(Group,)S
2576("Trusted)S
2952(Administration)S
3588(Speci\256cation",)S
4206(TSIG)S
4458(Document)S
720 H
6744 V
720([11])S
916(Trusted)S
1251(Systems)S
1615(Interoperability)S
2266(Group,)S
2576("Commercial)S
3141(IP)S
3260(Security)S
3623(Option",)S
3997(TSIG)S
4249(Document)S
720 H
6900 V
720([12])S
924("The)S
1158(IP)S
1285(Security)S
1656(Option",)S
2038(RFC-1108,)S
2524(DDN)S
2778(Network)S
3165(Information)S
3680(Center,)S
4010(SRI)S
4205(International,)S
4779(Menlo)S
5139(|)S
720 H
7020 V
970(Park,)S
1208(CA.)S
720 H
7176 V
720([13])S
930(Postel,)S
1244(J.,)S
1407("User)S
1680(Datagram)S
2118(Protocol",)S
2568(RFC-768,)S
3011(DDN)S
3272(Network)S
3666(Information)S
4188(Center,)S
4524(SRI)S
4725(Interna-)S
720 H
7296 V
970(tional,)S
1253(Menlo)S
1544(Park,)S
1782(CA.)S
5139(*)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 17])S
7920 V
EP
%%Page: 18 18
BP
/slant 0 def
/height 1.000000 def
10 R
10 R
0 H
40 V
0(--)S
5406(--)S
720 H
520 V
720(INTERNET-DRAFT)S
2297(TNFS Protocol Speci\256cation)S
4472(May 24, 1992)S
720 H
7680 V
720(TSIG-TNFS-001.2.03)S
4650([Page 18])S
0 H
7950 V
0(--)S
5406(--)S
7950 V
EP
%%Trailer
%%DocumentFonts: Times-Roman Times-Bold Times-Italic Symbol Troff
%%Pages: 18