Page 314 - DCAP403_Operating System
Unit 14: Windows 2000
Logon and Security Sub-systems
Before a user can access objects on Windows 2000, that user must be authenticated by the logon
subsystem. To be authenticated, a user must have an account and provide the password for that
account.
The security subsystem generates access tokens to represent users on the system. It calls an
authentication package to perform authentication using information from the logon subsystem
or network server. Typically, the authentication package simply looks up the account information
in a local database and checks to see that the password is correct. The security subsystem then
generates the access token for the user id containing the appropriate privileges, quota limits, and
group ids. Whenever the user attempts to access an object in the system, such as by opening a
handle to the object, the access token is passed to the security reference monitor, which checks
privileges and quotas.
The default authentication package for Windows 2000 domains is Kerberos.
14.4 File System
Microsoft Windows 2000 supports four types of file systems on readable/writable disks: the
NTFS file system and three file allocation table (FAT) file systems: FAT12, FAT16 and FAT32.
Windows 2000 also supports two types of file systems on CD-ROM and digital video disk (DVD)
media: Compact Disc File System (CDFS) and Universal Disk Format (UDF). The structures of
the volumes formatted by each of these file systems, as well as the way each file system organizes
data on the disk, are significantly different. The capabilities and limitations of these file systems
must be reviewed to determine their comparative features.
In this section we will treat the NTFS file system because it is a modern file system unencumbered
by the need to be fully compatible with the MS-DOS file system, which was based on the CP/M
file system designed for 8-inch floppy disks more than 20 years ago. Times have changed and
8-inch floppy disks are not quite state of the art any more. Neither are their file systems. Also,
NTFS differs both in user interface and implementation in a number of ways from the UNIX file
system, which makes it a good second example to study. NTFS is a large and complex system and
space limitations prevent us from covering all of its features, but the material presented below
should give a reasonable impression of it.
Individual file names in NTFS are limited to 255 characters; full paths are limited to 32,767
characters. File names are in Unicode, allowing people in countries not using the Latin alphabet
(e.g., Greece, Japan, India, Russia, and Israel) to write file names in their native language.
For example, φιλε (written in Greek letters) is a perfectly legal file name. NTFS fully supports case sensitive names
(so foo is different from Foo and FOO). Unfortunately, the Win32 API does not fully support
case-sensitivity for file names and not at all for directory names, so this advantage is lost to
programs restricted to using Win32 (e.g., for Windows 98 compatibility).
An NTFS file is not just a linear sequence of bytes, as FAT-32 and UNIX files are. Instead, a file
consists of multiple attributes, each of which is represented by a stream of bytes. Most files have
a few short streams, such as the name of the file and its 64-bit object ID, plus one long (unnamed)
stream with the data. However, a file can also have two or more (long) data streams as well. Each
stream has a name consisting of the file name, a colon, and the stream name, as in foo:stream1.
Each stream has its own size and is lockable independently of all the other streams. The idea
of multiple streams in a file was borrowed from the Apple Macintosh, in which files have two
streams, the data fork and the resource fork. This concept was incorporated into NTFS to allow
an NTFS server to serve Macintosh clients.
File streams can be used for purposes other than Macintosh compatibility.
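The following PowerShell session is an added example, not part of the textbook, showing the named streams described above: it writes the unnamed stream and a foo.txt:stream1 stream, shows that the directory listing reports only the unnamed stream's size, and then enumerates every stream so an administrator can spot data stored outside the default stream. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the scratch directory and the function name Find-NonDefaultStreams are assumptions of this example.

```powershell
# Added example (not from the textbook): NTFS named data streams and how to
# enumerate them. Requires Windows PowerShell 3.0+ on an NTFS volume.
# $dir is an assumed scratch location, not a path from the text.

$dir  = Join-Path $env:TEMP 'ntfs-stream-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'foo.txt'

# The unnamed stream is what most tools treat as "the file contents".
Set-Content -Path $file -Value 'visible contents'

# foo.txt:stream1 -- the "file name, colon, stream name" form from the text.
Set-Content -Path $file -Stream 'stream1' -Value 'data kept in a named stream'

# Each stream has its own size. The directory listing reports only the
# unnamed ($DATA) stream, so the named stream adds nothing to the visible size.
Get-Item -Path $file | Select-Object Name, Length

# Enumerate every stream of the file. ':$DATA' is the unnamed default stream.
Get-Item -Path $file -Stream * | Select-Object Stream, Length

# Read the named stream back directly by its stream name.
Get-Content -Path $file -Stream 'stream1'

# Administrator's check (assumed helper name): list every file under a root
# that carries a stream other than the default one. Zone.Identifier on
# downloaded files is a common legitimate example; anything else deserves a look.
function Find-NonDefaultStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -File -Recurse |
        ForEach-Object { Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Find-NonDefaultStreams -Root $dir
```

Because a named stream is invisible to the ordinary size column and to most copy tools that do not preserve streams, a periodic run of the enumeration above is a cheap way to audit an NTFS volume for content stored outside the default stream.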
LOVELY PROFESSIONAL UNIVERSITY 307