Kerberos NFSD for Linux?
David Magda
dmagda+trace040127 at ee.ryerson.ca
Thu Feb 5 16:54:39 EST 2004
hartmans at MIT.EDU (Sam Hartman) writes:
> I think you may be out of luck. Really the first version of NFS
> that seems to be particularly secure is NFS version 4. There are
> some attempts to add Kerberos to previous versions of NFS, but I'm
> unconvinced of the security of most of them.
Solaris 8 (and above?) has nfssec(5). From the man page:
The NFS security modes are described as follows:
sys Use AUTH_SYS authentication. The user's UNIX user-id
and group-ids are passed in the clear on the network,
unauthenticated by the NFS server. This is the sim-
plest security method and requires no additional
administration. It is the default used by Solaris NFS
Version 2 clients and Solaris NFS servers.
dh Use a Diffie-Hellman public key system ( AUTH_DES,
which is referred to as AUTH_DH in the forthcoming
Internet RFC).
krb4 Use the Kerberos Version 4 authentication system (
AUTH_KERB, which is referred to as AUTH_KERB4 in a
forthcoming Internet RFC).
none Use null authentication ( AUTH_NONE). NFS clients
using AUTH_NONE have no identity and are mapped to
the anonymous user nobody by NFS servers. A client
[...]
See also secure_rpc(3NSL). This of course doesn't help the OP.
--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
More information about the Kerberos
mailing list