Controlling access to an NFS share
First Claim
1. A method for controlling access to data that is accessible via a Network File System (NFS) protocol, the method comprising:
- utilizing a computer to perform:
  - receiving a request from a client program to gain access to the data;
  - authenticating the client program;
  - creating a mount point which comprises the data, wherein said creating the mount point comprises:
    - creating at least one cryptographic value, wherein said creating at least one cryptographic value comprises creating a first cryptographic value and a second cryptographic value;
    - creating a path for the mount point which incorporates the at least one cryptographic value, wherein said creating the path comprises creating a first path to the mount point incorporating the first cryptographic value; and
    - creating the mount point at the path, wherein the mount point is useable to access the data in a secure manner;
  - receiving a mount request from the client program to mount the path;
  - accepting the mount request from the client program;
  - locking the mount for use only by the client program;
  - receiving a request to unmount the mount point using a second path which incorporates the second cryptographic value; and
  - performing the unmount on the mount point using the first path which incorporates the first cryptographic value.
Abstract
Providing authentication of users accessing an NFS shared file system. A shared secret is used as a component of the mount point used to access the NFS share. Upon receiving a request to access the data in the NFS share, the process creates at least one cryptographic value and then creates a path to the mount point which incorporates the cryptographic value. The process then creates the mount point at the path, e.g., /PATH:k1, where k1 is the cryptographic value. Creation of the mount point is preferably performed using NFS protocol semantics, without requiring any changes to the NFS protocol semantics. A second cryptographic value, k2, may be used for unmounting the mount point.
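The flow in the abstract, modelled in memory as an added example (not code from the patent or from any NFS server). The names `MountBroker` and `demo`, the pre-shared client tokens used for authentication, and the base path `/export/data` are assumptions, and no real export is created.

```python
import hmac
import secrets


class MountBroker:
    """In-memory model of the /PATH:k1 scheme; hypothetical, no real NFS exports."""

    def __init__(self, base, client_tokens):
        self.base = base                    # base path, e.g. "/export/data" (constructed)
        self.client_tokens = client_tokens  # client id -> pre-shared token (assumption)
        self.mounts = {}                    # first path (with k1) -> mount state
        self.unmount_index = {}             # second path (with k2) -> first path

    def request_access(self, client, token):
        # Authenticate first; secrets are only generated for known clients.
        expected = self.client_tokens.get(client)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("authentication failed")
        k1, k2 = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        first, second = f"{self.base}:{k1}", f"{self.base}:{k2}"
        self.mounts[first] = {"client": client, "locked": False}
        self.unmount_index[second] = first
        return first, second

    def mount(self, client, path):
        state = self.mounts.get(path)
        # Unknown path, wrong client, or path already in use: all refused alike.
        if state is None or state["client"] != client or state["locked"]:
            raise PermissionError("mount refused")
        state["locked"] = True              # lock the mount to this client
        return True

    def unmount(self, second_path):
        # Only the k2 path is accepted here; it is resolved to the k1 path.
        first = self.unmount_index.pop(second_path, None)
        if first is None:
            raise PermissionError("unmount refused")
        del self.mounts[first]              # the unmount is performed on the k1 path
        return first


def demo():
    # Constructed client id and token, for illustration only.
    broker = MountBroker("/export/data", {"clientA": b"constructed-token"})
    first, second = broker.request_access("clientA", b"constructed-token")
    broker.mount("clientA", first)
    return broker.unmount(second) == first
```

In this model, knowledge of the k1 path alone is not enough to unmount, and a second mount attempt on a locked path is refused even for the original client.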
12 Claims
7. A non-transitory computer readable memory medium storing program instructions for controlling access to data that is accessible via a Network File System (NFS) protocol, wherein the program instructions are executable to:
- receive a request from a client program to gain access to the data;
- authenticate the client program;
- create a mount point which comprises the data, wherein in creation of the mount point, the program instructions are executable to:
  - create at least one cryptographic value, wherein said creating at least one cryptographic value comprises creating a first cryptographic value and a second cryptographic value;
  - create a path for the mount point which incorporates the at least one cryptographic value, wherein to create the path, the program instructions are executable to create a first path to the mount point incorporating the first cryptographic value; and
  - create the mount point at the path, wherein the mount point is useable to access the data in a secure manner;
- receive a mount request from the client program to mount the path;
- accept the mount request from the client program;
- lock the mount for use only by the client program;
- receive a request to unmount the mount point using a second path which incorporates the second cryptographic value; and
- perform the unmount on the mount point using the first path which incorporates the first cryptographic value.