[2318] in Kerberos_V5_Development


Re: request comments on new ACL file format

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Mar 25 01:56:40 1997

Date: Tue, 25 Mar 1997 01:56:01 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: Tom Yu <tlyu@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Ken Hornstein's message of Tue, 25 Mar 1997 00:54:18 -0500,
	<199703250554.AAA21134@ginger.cmf.nrl.navy.mil>

   Date: Tue, 25 Mar 1997 00:54:18 -0500
   From: Ken Hornstein <kenh@cmf.nrl.navy.mil>

   One question: why distinguish between user groups and target groups?
   Is there an implementation reason?  While I can't come up with a scenario
   where you might want to use a user group interchangeably with a target
   group, it _might_ happen, and the separation seems rather arbitrary.

When you perform an:

	 permissions_check(client_principal, target_principal, operation) 

You need to get a list of all of the groups that client_principal
belongs to, and a list of all of the groups that target_principal
belongs to.  Recall that groups can contain wildcard entries, other groups,
and negations of wildcard entries, groups, or specific entries, i.e.

ugroup network	jis,tytso,tytso/*
tgroup hosts	hosts/*,!host/kerberos.mit.edu,!host/moira.mit.edu

Hence, to get the list of groups to which a client or target principal
belongs requires an individual check of each group in the client or
target principal list.  By distinguishing between user and target
groups, we reduce the number of comparisons that might need to be made.

						- Ted
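As an added illustration of the lookup Ted describes (not code from this thread or from krb5): each principal's memberships are resolved only against groups of its own kind, with wildcard, nested-group and negated entries, and the two lists are then checked against allow rules. The ACL text, the (client_group, target_group, operation) rule form and the "any matching negation excludes" semantics are assumptions made for the example.

```python
import fnmatch

# Constructed sample in the proposed format (not an actual krb5 ACL file).
ACL_TEXT = """\
ugroup network   jis,tytso,tytso/*
ugroup admins    network,!tytso/*
tgroup hosts     host/*,!host/kerberos.mit.edu,!host/moira.mit.edu
tgroup services  hosts,ftp/*
"""

def parse_acl(text):
    """Return {"ugroup": {name: [entries]}, "tgroup": {name: [entries]}}."""
    acl = {"ugroup": {}, "tgroup": {}}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        kind, name, entries = line.split(None, 2)
        acl[kind][name] = [e.strip() for e in entries.split(",") if e.strip()]
    return acl

def entry_matches(entry, principal, table, seen):
    """One entry is a group name (recurse), a wildcard, or a literal principal."""
    if entry in table:
        return is_member(principal, entry, table, seen)
    return fnmatch.fnmatchcase(principal, entry)

def is_member(principal, group, table, seen=frozenset()):
    """Assumed semantics: principal is in group if some positive entry
    matches it and no negated ('!') entry matches it."""
    if group in seen:          # guard against groups that include each other
        return False
    seen = seen | {group}
    admitted = excluded = False
    for entry in table[group]:
        if entry.startswith("!"):
            excluded |= entry_matches(entry[1:], principal, table, seen)
        else:
            admitted |= entry_matches(entry, principal, table, seen)
    return admitted and not excluded

def groups_of(principal, kind, acl):
    """Groups of one kind ('ugroup' or 'tgroup') containing principal.
    Only that kind's table is scanned: the saving from keeping them apart."""
    table = acl[kind]
    return sorted(g for g in table if is_member(principal, g, table))

def permissions_check(client, target, operation, acl, rules):
    """rules: assumed list of (client_group, target_group, operation) allows."""
    cgroups = set(groups_of(client, "ugroup", acl))
    tgroups = set(groups_of(target, "tgroup", acl))
    return any(cg in cgroups and tg in tgroups and op == operation
               for cg, tg, op in rules)
```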

