Kerberos NFSD for Linux?

David Magda dmagda+trace040127 at ee.ryerson.ca
Thu Feb 5 16:54:39 EST 2004


hartmans at MIT.EDU (Sam Hartman) writes:

> I think you may be out of luck.  Really the first version of NFS
> that seems to be particularly secure is NFS version 4.  There are
> some attempts to add Kerberos to previous versions of NFS, but I'm
> unconvinced of the security of most of them.

Solaris 8 (and above?) has nfssec(5). From the man page:

     The  NFS security modes are described as follows:

     sys   Use AUTH_SYS authentication. The user's  UNIX  user-id
           and  group-ids are passed in the clear on the network,
           unauthenticated by the  NFS server.  This is the  sim-
           plest  security  method  and  requires  no  additional
           administration. It is the default used by Solaris  NFS
           Version 2 clients and Solaris NFS servers.

     dh    Use a Diffie-Hellman public  key  system  (  AUTH_DES,
           which  is  referred  to as  AUTH_DH in the forthcoming
           Internet  RFC).

     krb4  Use the Kerberos Version  4  authentication  system  (
           AUTH_KERB,  which  is  referred to as  AUTH_KERB4 in a
           forthcoming Internet  RFC).

     none  Use  null authentication  (  AUTH_NONE).  NFS  clients
           using   AUTH_NONE  have  no identity and are mapped to
           the anonymous user nobody by   NFS servers.  A  client
           [...]

See also secure_rpc(3NSL). This of course doesn't help the OP.

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI


More information about the Kerberos mailing list