Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux

Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Thu, 6 Sep 2001 07:46:37 -0500 (CDT)


Dominik Kubla <kubla@sciobyte.de>:
On Wed, Sep 05, 2001 at 05:12:48PM -0500, Jesse Pollard wrote:
>
> Kerberos won't help either - The only parts of NFS that were kerberized
> was the initial mount. Everything else uses filehandles/UDP. Encryption
> doesn't help either - slows the entire network down too much.

I disagree! First of all you can always use NFS over TCP, so much for
"every thing else uses filehandles/UDP". (No that this improves security,
but it can improve reliability!)

Yes - but it won't work in the environment. As you pointed out, it works
under Solaris. No MACs, No Linux, and no MS windows (which would likely be
present in a lab).

Second, without physical security you can't protect the access keys - hence
no kerberos.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/