Methods and apparatus for providing dynamic network file system client authentication
Abstract
A variety of methods and apparatus are taught for providing dynamic distributed file system client authentication. One method for providing dynamic distributed file system client authentication within a distributed file system computing environment includes the steps of receiving an NFS request from an NFS client, determining whether the NFS client has an access status sufficient to perform the NFS request, and performing the NFS request when the NFS client has sufficient access status. In some embodiments, the NFS request includes a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system. A server computer in accordance with one embodiment of the present invention is operable to provide dynamic NFS client authentication. The server computer includes a CPU, a RAM accessible by the CPU, a ROM accessible by the CPU, a network I/O port coupled with the CPU, a mass storage device accessible by the CPU, and a kernel implemented on the server computer. In addition, the server computer implements a dynamic NFS client authentication service operable to receive an NFS request from an NFS client and to authenticate the NFS client in relation to the NFS request. The dynamic NFS client authentication service considers factors such as time, date, identity of the NFS client, a nature of the NFS request, and a current status of a resource upon which the NFS request operates.
30 Claims
1. A method implemented on a server computer system for providing dynamic client authentication in a distributed file system computing environment, the method comprising the computer controlled steps of:
- receiving an NFS request from an NFS client, the NFS request including a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system, the given file system modifiable by clients of the server computer having a corresponding access status of read-write with respect to the given file system, readable by clients of the server computer having the corresponding access status of read only with respect to the given file system, and inaccessible to all other clients of the server computer;
- dynamically determining whether the NFS client has an access status sufficient to perform the NFS request; and
- performing the NFS request when the NFS client has sufficient access status.
14. A computer readable medium containing a computer program for providing dynamic client authentication to a server computer operating in a distributed file system computing environment, the computer program comprising computer executable instructions for:
- receiving an NFS request from an NFS client, the NFS request including a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system, the given file system modifiable by clients of the server computer having a corresponding access status of read-write with respect to the given file system, readable by clients of the server computer having the corresponding access status of read only with respect to the given file system, and inaccessible to all other clients of the server computer;
- dynamically determining whether the NFS client has an access status sufficient to perform the NFS request; and
- performing the NFS request when the NFS client has sufficient access status.
25. A server computer for use in a distributed file system computing environment, the server computer operable to provide dynamic NFS client authentication, the server computer comprising:
- a central processing unit (CPU);
- a random access memory accessible by the CPU;
- a read only memory accessible by the CPU;
- a network input/output port coupled with the CPU;
- a mass storage device accessible by the CPU, the mass storage device capable of storing a given file system modifiable by clients of the server computer having an access status of read-write with respect to the given file system, readable by clients of the server computer having the access status of read only with respect to the given file system, and inaccessible to all other clients of the server computer;
- a kernel implemented on the server computer, the kernel implementing primitive functions of an operating system for the server computer; and
- a dynamic NFS client authentication service operable to receive an NFS request from an NFS client and to dynamically authenticate the NFS client in relation to the NFS request, the dynamic NFS client authentication service considering at least one of time, date, identity of the NFS client, a nature of the NFS request, and a current status of a resource which the NFS request operates upon.
30. A method implemented on a server computer system for providing dynamic client authentication in a distributed file system computing environment, the method comprising the computer controlled steps of:
- receiving an NFS request from an NFS client, the NFS request including a file handle representing a given file system available on the server computer system and a file operation to be performed upon the given file system, the given file system modifiable by clients of the server computer having a corresponding access status of read-write with respect to the given file system, readable by clients of the server computer having the corresponding access status of read only with respect to the given file system, and inaccessible to all other clients of the server computer;
- searching an export information table resident on the server computer system to determine whether the given file system has an entry therein, the export information table having an entry for the given file system, the entry including a read only bit which when set indicates global read only access to the given file system and a read-write bit which when set indicates global read and write access to the given file system, the read only bit and the read-write bit being exclusive;
- when the read only bit is set, setting the client's access status to read only;
- when the read-write bit is set, setting the client's access status to read-write;
- when neither the read only bit nor the read-write bit is set, performing the following substeps of;
  (a) searching a cache memory resident on the server computer system to find a specific export authentication cache entry for the NFS client which corresponds to the given file system, the specific export authentication cache entry, when it exists, indicating the client's access status to the given file system to which the client's access status is then set; and
  (b) when the specific export authentication cache entry does not exist, creating the specific export authentication cache entry and then setting the client's access status to that indicated by the newly created specific export authentication cache entry, the specific export authentication cache entry creation including;
    (i) searching a share table file resident on the server computer system to find a share entry for the given file system;
    (ii) setting the client's access status to no access when the share entry for the given file system is not found in the share table file;
    (iii) determining the client's access status from the share entry for the given file system when the share entry is found in the share table file; and
    (iv) setting the client's access status according to the share entry for the given file system when the share entry is found in the share table file; and
- performing the NFS request when either (i) the client's access status is read only and the file operation does not require a modification of the given file system or (ii) the client's access status is read-write.
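The decision procedure recited in claim 30, as an added Python sketch that is not code from the patent. All names, the share-entry layout (client names under "ro" and "rw"), the list of modifying operations, and the denial of a file system that has no export entry are assumptions.

```python
from dataclasses import dataclass, field

NONE, RO, RW = "none", "ro", "rw"   # client access status values
# Assumed set of operations that modify the file system (illustrative only).
MODIFYING_OPS = {"WRITE", "CREATE", "REMOVE", "RENAME", "SETATTR"}

@dataclass
class ExportEntry:
    ro_bit: bool = False    # set: global read only access
    rw_bit: bool = False    # set: global read and write access
    def __post_init__(self):
        if self.ro_bit and self.rw_bit:
            raise ValueError("read only and read-write bits are exclusive")

@dataclass
class Server:
    export_table: dict      # file system -> ExportEntry
    share_table: dict       # file system -> {"ro": clients, "rw": clients} (assumed layout)
    auth_cache: dict = field(default_factory=dict)   # (client, fs) -> status
    share_lookups: int = 0  # counts share table searches, to make caching visible

    def _create_cache_entry(self, client, fs):
        """Substep (b): search the share table, cache and return the result."""
        self.share_lookups += 1
        share = self.share_table.get(fs, {})    # no share entry: no access
        status = (RW if client in share.get("rw", ()) else
                  RO if client in share.get("ro", ()) else NONE)
        self.auth_cache[(client, fs)] = status
        return status

    def access_status(self, client, fs):
        entry = self.export_table.get(fs)
        if entry is None:
            return NONE     # assumption: no export entry means no access
        if entry.ro_bit:
            return RO
        if entry.rw_bit:
            return RW
        cached = self.auth_cache.get((client, fs))   # substep (a)
        return cached if cached is not None else self._create_cache_entry(client, fs)

    def permits(self, client, fs, op):
        """Final step: read-write always passes, read only passes non-modifying ops."""
        status = self.access_status(client, fs)
        return status == RW or (status == RO and op not in MODIFYING_OPS)

def demo_server():
    """Constructed sample tables; host and path names are made up."""
    return Server(
        export_table={"/pub": ExportEntry(ro_bit=True), "/proj": ExportEntry()},
        share_table={"/proj": {"rw": {"build1"}, "ro": {"web1"}}})
```

In this sketch a cached entry short-circuits the share table search, so a later change to the share table is not seen for that client until its cache entry is removed.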
Specification