Kerberized NFS Vs NFS over VPN tunnel
frank+krb at linetwo.net
Tue Mar 8 13:24:40 EST 2011
On 3/7/11 4:15 AM +0000 sandeep patil wrote:
> In other words does a VPN tunnel between NFS
> client system and NFS server system override the need to have a
> kerberized NFS infrastructure ?
No. The two are unrelated. Even though I authenticate to the VPN
(assuming it involves user-level authentication and said authentication
is strong), if you use "insecure" NFS I can impersonate (wrt NFS) any
user at will. *That* is the problem that kerberized NFS is fixing
and VPN does not change that.
More information about the krbdev