Kerberos NFSD for Linux?
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Feb 5 18:29:53 EST 2004
David Magda wrote:
>hartmans at MIT.EDU (Sam Hartman) writes:
>
>>I think you may be out of luck. Really the first version of NFS
>>that seems to be particularly secure is NFS version 4. There are
>>some attempts to add Kerberos to previous versions of NFS, but I'm
>>unconvinced of the security of most of them.
>
>Solaris 8 (and above?) has nfssec(5). From the man page:
>
> The NFS security modes are described as follows:
>
> sys Use AUTH_SYS authentication. The user's UNIX user-id
> and group-ids are passed in the clear on the network,
> unauthenticated by the NFS server. This is the simplest
> security method and requires no additional
> administration. It is the default used by Solaris NFS
> Version 2 clients and Solaris NFS servers.
>
> dh Use a Diffie-Hellman public key system (AUTH_DES,
> which is referred to as AUTH_DH in the forthcoming
> Internet RFC).
>
> krb4 Use the Kerberos Version 4 authentication system
> (AUTH_KERB, which is referred to as AUTH_KERB4 in a
> forthcoming Internet RFC).
>
I believe this is a mistake in the docs. Solaris 8 (or later) do NOT
support Kerberos V4, only V5.
They do support Kerberos V5. Download the SEAM package
for Solaris 8 (free from www.sun.com). Also get the "encryption pack"
to enable privacy (i.e. encryption) protection - this is only for Solaris 8,
encryption pack is not needed for Solaris 9.
SEAM for Solaris 8 includes NFSv3 with Kerberos in 3 modes -
authentication only, auth + integrity protection, and auth + integ + privacy.
There are also documentation books at docs.sun.com that explain how
to configure and use NFS with Kerberos.
-Wyllys
>
> none Use null authentication (AUTH_NONE). NFS clients
> using AUTH_NONE have no identity and are mapped to
> the anonymous user nobody by NFS servers. A client
> [...]
>
>See also secure_rpc(3NSL). This of course doesn't help the OP.