Kerberized NFS Vs NFS over VPN tunnel

Frank Cusack frank+krb at
Tue Mar 8 13:24:40 EST 2011

On 3/7/11 4:15 AM +0000 sandeep patil wrote:
> In other words does a VPN tunnel between NFS
> client  system and NFS server system override the need to have a
> kerberized NFS infrastructure ?

No.  The two are unrelated.  Even though I authenticate to the VPN
(assuming it involves user-level authentication and said authentication
is strong), if you use "insecure" NFS I can impersonate (wrt NFS) any
user at will.  *That* is the problem that kerberized NFS is fixing
and VPN does not change that.

More information about the krbdev mailing list