SlideShare a Scribd company logo
CITI, NFSv4, and ASCI Peter Honeyman and Andy Adamson Center for Information Technology Integration University of Michigan Ann Arbor
Outline Brief history Skin in the game Accomplishments
CITI’s NFSv4 experiences Fleshing out protocol spec Flushing out protocol bugs Complete 2.4 implementation, but isolated from NFSv2/v3
NFSv4: Making it real Delivered the critical building blocks in Linux 2.5 Completely rewritten (twice) Integrated with NFSv2/v3 Identical performance Posix ACLs mapped
NFSv4: Making it real Some pieces still to come As “bug fixes” not new features CITI/ASCI project starts DCE/DFS bows out
Meeting ASCI needs Parallel file systems Mostly Gedanken experiments Security, ACLs, principals Important for DFS migration
Parallel file systems CITI’s first introduction; principally GPFS Devised FILE_LOCATIONS extension Load sharing among parallel NFSv4 servers I/O striping
Current work Global namespace Migration and replication Directory delegation Minor versioning
NFSv4 principals NFSv2/v3 use AUTH_SYS (32-bit integers) to designate identity On the wire and on the disk DFS and AFS manage their own principals and IDs Impose them on the file system Usually kept in synch with UNIX IDs (if yer smart)
NFSv4 principals NFSv4 mandates RPCSEC_GSS Each GSS_API mechanism has its own standard for representing principals Kerberos V X.509 Both are string representations, not integers
NFSv4 principals GSS context needs to be mapped to an identity coherent to the server Upcall to GSSD Security is paramount here Passes GSS principal GSSD calls a mapping service NSSwitch, LDAP, PTS, local database, … There can be many names, all denoting the same principal Returns an ID
NFSv4 ACLs Protocol specifies principals (owner and group) in ACLs in the form of  [email_address] Linux Posix ACLs use 32-bit ints GetACL returns … ? File owner could be local UNIX name, X.509 DN, Kerberos principal, … Canonical name depends on the server local file system (UNIX name in our case)
NFSv4 ACLs SetACL sends … ? Strings … Mapped to canonical names on the server To SetACL a remote user, e.g.,  [email_address] , we (merely) need to assign a local UID
NFSv4 principals Administrative domain imposes consistency on name space NSSwitch database maps canonical name to many names Two steps: X.509 name (OU=…), Kerberos V name mapped to canonical name (bob) Canonical name mapped to UID (71337)
NFSv4 principals We are implementing what we can And we seek comments from you lovely people whose pants are on fire
Accomplishments Code in Linux kernel NFSv4, RPC, VFS, scalability issues, security, … RPCSEC_GSS code in MIT Kerberos V CITI code in OpenSSL  Channel for CITI’s SPKM3
Accomplishments Influenced NFSv4 protocol Influencing NFSv4.1 CITI’s major contribution to ASCI is the ability to understand and represent ASCI needs (†) in these arenas and help make change real. (†) With your help
Questions?! http://www.citi.umich.edu/

More Related Content

What's hot

Hosts
HostsHosts
Hosts
HostsHosts
Hosts
ferdiannur
 
Hosts
HostsHosts
Network File System in Distributed Computing
Network File System in Distributed ComputingNetwork File System in Distributed Computing
Network File System in Distributed Computing
Chandan Padalkar
 
Hosts
HostsHosts
Sun NFS , Case study
Sun NFS , Case study Sun NFS , Case study
Sun NFS , Case study
Shashwat Singh
 
Hosts
HostsHosts
Hosts
HostsHosts
Hosts
umer890
 
hosting
hostinghosting
hosting
Asri Hasbi
 
Nf Sp4
Nf Sp4Nf Sp4
Nf Sp4
Waqas !!!!
 
Network namespaces
Network namespacesNetwork namespaces
Network namespaces
Marian Marinov
 
Hosts
HostsHosts
Nfs
NfsNfs
Network file system (nfs)
Network file system (nfs)Network file system (nfs)
Network file system (nfs)
Raghu nath
 
Linux commands
Linux commandsLinux commands
Linux commands
penetration Tester
 
Linux beginner's Workshop
Linux beginner's WorkshopLinux beginner's Workshop
Linux beginner's Workshop
futureshocked
 
Hosts
HostsHosts
Hosts
lukenninja
 
umbrella
umbrellaumbrella
umbrella
Alex Sebas
 
Linux commands
Linux commandsLinux commands
Linux commands
Balakumaran Arunachalam
 
SUN Network File system - Design, Implementation and Experience
SUN Network File system - Design, Implementation and Experience SUN Network File system - Design, Implementation and Experience
SUN Network File system - Design, Implementation and Experience
aniadkar
 

What's hot (20)

Hosts
HostsHosts
Hosts
 
Hosts
HostsHosts
Hosts
 
Hosts
HostsHosts
Hosts
 
Network File System in Distributed Computing
Network File System in Distributed ComputingNetwork File System in Distributed Computing
Network File System in Distributed Computing
 
Hosts
HostsHosts
Hosts
 
Sun NFS , Case study
Sun NFS , Case study Sun NFS , Case study
Sun NFS , Case study
 
Hosts
HostsHosts
Hosts
 
Hosts
HostsHosts
Hosts
 
hosting
hostinghosting
hosting
 
Nf Sp4
Nf Sp4Nf Sp4
Nf Sp4
 
Network namespaces
Network namespacesNetwork namespaces
Network namespaces
 
Hosts
HostsHosts
Hosts
 
Nfs
NfsNfs
Nfs
 
Network file system (nfs)
Network file system (nfs)Network file system (nfs)
Network file system (nfs)
 
Linux commands
Linux commandsLinux commands
Linux commands
 
Linux beginner's Workshop
Linux beginner's WorkshopLinux beginner's Workshop
Linux beginner's Workshop
 
Hosts
HostsHosts
Hosts
 
umbrella
umbrellaumbrella
umbrella
 
Linux commands
Linux commandsLinux commands
Linux commands
 
SUN Network File system - Design, Implementation and Experience
SUN Network File system - Design, Implementation and Experience SUN Network File system - Design, Implementation and Experience
SUN Network File system - Design, Implementation and Experience
 

Similar to CITI, NFSv4, and ASCI

DFSNov1.pptx
DFSNov1.pptxDFSNov1.pptx
DFSNov1.pptx
EngrNabidRayhanKhale
 
AFS introduction
AFS introductionAFS introduction
AFS introduction
Manfred Furuholmen
 
Pnfs
PnfsPnfs
DHCP
DHCPDHCP
DHCP
viditsir
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network Proposal
Chris Riccio
 
Session_2.ppt
Session_2.pptSession_2.ppt
Session_2.ppt
SudharsananRadhakris
 
Nfs1
Nfs1Nfs1
Dns
DnsDns
Linux network configuration
Linux network configurationLinux network configuration
Linux network configuration
Mario Tabuada Mussio
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
AbDul ThaYyal
 
network filesystem briefs
network filesystem briefsnetwork filesystem briefs
network filesystem briefs
bergwolf
 
FreeBSD - LinuxExpo
FreeBSD - LinuxExpoFreeBSD - LinuxExpo
FreeBSD - LinuxExpo
webuploader
 
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First reviewBuilding a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
Hari
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
Information Technology
 
Linux Vulnerabilities
Linux VulnerabilitiesLinux Vulnerabilities
Linux Vulnerabilities
SecurityTube.Net
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
Sumant Garg
 
Cl309
Cl309Cl309
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 Protocol
Kelum Senanayake
 
Ranjitbanshpal
RanjitbanshpalRanjitbanshpal
Ranjitbanshpal
ranjit banshpal
 
NETWORK FILE SYSTEM
NETWORK FILE SYSTEMNETWORK FILE SYSTEM
NETWORK FILE SYSTEM
Roshan Kumar
 

Similar to CITI, NFSv4, and ASCI (20)

DFSNov1.pptx
DFSNov1.pptxDFSNov1.pptx
DFSNov1.pptx
 
AFS introduction
AFS introductionAFS introduction
AFS introduction
 
Pnfs
PnfsPnfs
Pnfs
 
DHCP
DHCPDHCP
DHCP
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network Proposal
 
Session_2.ppt
Session_2.pptSession_2.ppt
Session_2.ppt
 
Nfs1
Nfs1Nfs1
Nfs1
 
Dns
DnsDns
Dns
 
Linux network configuration
Linux network configurationLinux network configuration
Linux network configuration
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
 
network filesystem briefs
network filesystem briefsnetwork filesystem briefs
network filesystem briefs
 
FreeBSD - LinuxExpo
FreeBSD - LinuxExpoFreeBSD - LinuxExpo
FreeBSD - LinuxExpo
 
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First reviewBuilding a Linux IPv6 DNS Server Project review PPT v3.0 First review
Building a Linux IPv6 DNS Server Project review PPT v3.0 First review
 
Linux Operating System Vulnerabilities
Linux Operating System VulnerabilitiesLinux Operating System Vulnerabilities
Linux Operating System Vulnerabilities
 
Linux Vulnerabilities
Linux VulnerabilitiesLinux Vulnerabilities
Linux Vulnerabilities
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
 
Cl309
Cl309Cl309
Cl309
 
The NFS Version 4 Protocol
The NFS Version 4 ProtocolThe NFS Version 4 Protocol
The NFS Version 4 Protocol
 
Ranjitbanshpal
RanjitbanshpalRanjitbanshpal
Ranjitbanshpal
 
NETWORK FILE SYSTEM
NETWORK FILE SYSTEMNETWORK FILE SYSTEM
NETWORK FILE SYSTEM
 

Recently uploaded

Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance UpdatesFamily/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
AishwaryaDoiphode3
 
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Philip M Caputo
 
Managing Customer & User Experience of Customers
Managing Customer & User Experience of CustomersManaging Customer & User Experience of Customers
Managing Customer & User Experience of Customers
SalmanTahir60
 
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATIONTHE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
hrajkumar444
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
PhysicsUtu
 
Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...
Brian Frerichs
 
AI at Work​ The demystification of AI and real-world stories on how to apply ...
AI at Work​ The demystification of AI and real-world stories on how to apply ...AI at Work​ The demystification of AI and real-world stories on how to apply ...
AI at Work​ The demystification of AI and real-world stories on how to apply ...
Auxis Consulting & Outsourcing
 
Corporate Governance for South African Mining Companies
Corporate Governance for South African Mining CompaniesCorporate Governance for South African Mining Companies
Corporate Governance for South African Mining Companies
James AH Campbell
 
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
APKs Pure
 
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital Banking
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital  BankingCheslyn Jacobs- TymeBank: Building Consumer Trust in Digital  Banking
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital Banking
itnewsafrica
 
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Growth Buyouts - The  Dawn of the GBO (Slow Ventures)Growth Buyouts - The  Dawn of the GBO (Slow Ventures)
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Razin Mustafiz
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
projectseasy
 
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAAPETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
lawrenceads01
 
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
dimplekumaridk322
 
Discover who your target audience is and reach them
Discover who your target audience is and reach themDiscover who your target audience is and reach them
Discover who your target audience is and reach them
Quibble
 
Transforming the Future of Limo Services.pptx
Transforming the Future of Limo Services.pptxTransforming the Future of Limo Services.pptx
Transforming the Future of Limo Services.pptx
limocaptaincom
 
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual TrainingpptxYou Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
Cynthia Clay
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
projectseasy
 
Mandated reporting powerpoint to help with understanding your role
Mandated reporting powerpoint to help with understanding your roleMandated reporting powerpoint to help with understanding your role
Mandated reporting powerpoint to help with understanding your role
khidalgo2
 
Guide to Obtaining a Money Changer License in Singapore
Guide to Obtaining a Money Changer License in SingaporeGuide to Obtaining a Money Changer License in Singapore
Guide to Obtaining a Money Changer License in Singapore
Enterslice
 

Recently uploaded (20)

Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance UpdatesFamily/Indoor Entertainment Centers Market: Regulation and Compliance Updates
Family/Indoor Entertainment Centers Market: Regulation and Compliance Updates
 
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
Innovation Hub_ Spotlight on Toms River's Role as a Beacon for Entrepreneuria...
 
Managing Customer & User Experience of Customers
Managing Customer & User Experience of CustomersManaging Customer & User Experience of Customers
Managing Customer & User Experience of Customers
 
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATIONTHE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
THE IMPORTANCE OF CODING IN DEVOPS EXPLANATION
 
MEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final PresentationMEA Union Budget 2024-25 Final Presentation
MEA Union Budget 2024-25 Final Presentation
 
Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...Navigating Change Strategies for Effective Transition and Operational Plannin...
Navigating Change Strategies for Effective Transition and Operational Plannin...
 
AI at Work​ The demystification of AI and real-world stories on how to apply ...
AI at Work​ The demystification of AI and real-world stories on how to apply ...AI at Work​ The demystification of AI and real-world stories on how to apply ...
AI at Work​ The demystification of AI and real-world stories on how to apply ...
 
Corporate Governance for South African Mining Companies
Corporate Governance for South African Mining CompaniesCorporate Governance for South African Mining Companies
Corporate Governance for South African Mining Companies
 
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
KineMaster Diamond APK v7.3.11.32200 (4K HD, No Watermark)
 
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital Banking
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital  BankingCheslyn Jacobs- TymeBank: Building Consumer Trust in Digital  Banking
Cheslyn Jacobs- TymeBank: Building Consumer Trust in Digital Banking
 
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
Growth Buyouts - The  Dawn of the GBO (Slow Ventures)Growth Buyouts - The  Dawn of the GBO (Slow Ventures)
Growth Buyouts - The Dawn of the GBO (Slow Ventures)
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2TALENT ACQUISITION AND MANAGEMENT LECTURE 2
TALENT ACQUISITION AND MANAGEMENT LECTURE 2
 
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAAPETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
PETAVIT SIP-05.pdfAAAAAAAAAAAAAAAAAAAAAAAAA
 
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
High Profile Girls Call Bhubaneswar 🎈🔥000XX00000 🔥💋🎈 Provide Best And Top Gir...
 
Discover who your target audience is and reach them
Discover who your target audience is and reach themDiscover who your target audience is and reach them
Discover who your target audience is and reach them
 
Transforming the Future of Limo Services.pptx
Transforming the Future of Limo Services.pptxTransforming the Future of Limo Services.pptx
Transforming the Future of Limo Services.pptx
 
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual TrainingpptxYou Get Me! Leveraging Communication Styles in Virtual Trainingpptx
You Get Me! Leveraging Communication Styles in Virtual Trainingpptx
 
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5TALENT ACQUISITION AND MANAGEMENT LECTURE 5
TALENT ACQUISITION AND MANAGEMENT LECTURE 5
 
Mandated reporting powerpoint to help with understanding your role
Mandated reporting powerpoint to help with understanding your roleMandated reporting powerpoint to help with understanding your role
Mandated reporting powerpoint to help with understanding your role
 
Guide to Obtaining a Money Changer License in Singapore
Guide to Obtaining a Money Changer License in SingaporeGuide to Obtaining a Money Changer License in Singapore
Guide to Obtaining a Money Changer License in Singapore
 

CITI, NFSv4, and ASCI

  • 1. CITI, NFSv4, and ASCI Peter Honeyman and Andy Adamson Center for Information Technology Integration University of Michigan Ann Arbor
  • 2. Outline Brief history Skin in the game Accomplishments
  • 3. CITI’s NFSv4 experiences Fleshing out protocol spec Flushing out protocol bugs Complete 2.4 implementation, but isolated from NFSv2/v3
  • 4. NFSv4: Making it real Delivered the critical building blocks in Linux 2.5 Completely rewritten (twice) Integrated with NFSv2/v3 Identical performance Posix ACLs mapped
  • 5. NFSv4: Making it real Some pieces still to come As “bug fixes” not new features CITI/ASCI project starts DCE/DFS bows out
  • 6. Meeting ASCI needs Parallel file systems Mostly Gedanken experiments Security, ACLs, principals Important for DFS migration
  • 7. Parallel file systems CITI’s first introduction; principally GPFS Devised FILE_LOCATIONS extension Load sharing among parallel NFSv4 servers I/O striping
  • 8. Current work Global namespace Migration and replication Directory delegation Minor versioning
  • 9. NFSv4 principals NFSv2/v3 use AUTH_SYS (32-bit integers) to designate identity On the wire and on the disk DFS and AFS manage their own principals and IDs Impose them on the file system Usually kept in synch with UNIX IDs (if yer smart)
  • 10. NFSv4 principals NFSv4 mandates RPCSEC_GSS Each GSS_API mechanism has its own standard for representing principals Kerberos V X.509 Both are string representations, not integers
  • 11. NFSv4 principals GSS context needs to be mapped to an identity coherent to the server Upcall to GSSD Security is paramount here Passes GSS principal GSSD calls a mapping service NSSwitch, LDAP, PTS, local database, … There can be many names, all denoting the same principal Returns an ID
  • 12. NFSv4 ACLs Protocol specifies principals (owner and group) in ACLs in the form of [email_address] Linux Posix ACLs use 32-bit ints GetACL returns … ? File owner could be local UNIX name, X.509 DN, Kerberos principal, … Canonical name depends on the server local file system (UNIX name in our case)
  • 13. NFSv4 ACLs SetACL sends … ? Strings … Mapped to canonical names on the server To SetACL a remote user, e.g., [email_address] , we (merely) need to assign a local UID
  • 14. NFSv4 principals Administrative domain imposes consistency on name space NSSwitch database maps canonical name to many names Two steps: X.509 name (OU=…), Kerberos V name mapped to canonical name (bob) Canonical name mapped to UID (71337)
  • 15. NFSv4 principals We are implementing what we can And we seek comments from you lovely people whose pants are on fire
  • 16. Accomplishments Code in Linux kernel NFSv4, RPC, VFS, scalability issues, security, … RPCSEC_GSS code in MIT Kerberos V CITI code in OpenSSL Channel for CITI’s SPKM3
  • 17. Accomplishments Influenced NFSv4 protocol Influencing NFSv4.1 CITI’s major contribution to ASCI is the ability to understand and represent ASCI needs (†) in these arenas and help make change real. (†) With your help