Re: [k]nfsd, nfs and security questions

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 2 Dec 1997 16:40:20 +0000 (GMT)


> the way to go for securing NFS, because it's too slow. IMHO either
> IPSec (with encryption and IP authentication -- usable if you trust
> the *real* host with a given IP address) or some symmetrical systems
> with initial key handshake using public key cryptography are the way
> to go.

IPsec is IMHO not suited for the task. It is host to host and most algorithms
available are primitive. It's also unlikely to appear in many systems until the
US government gets its collective heads out of its collected arse.

MD5 is far more interesting because you can keep an MD5 key/user cache via
a user space keyserver and use MD5 signed NFS to do user level security. Or
even a primitive "password" scheme for per user MD5 signed NFS. MD5 appears to
be both patent free and exportable (it's a signing system not crypto).
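
A sketch of the per-user signing idea in the message above, added here as an example; it is not part of the original e-mail and not code from any NFS implementation. HMAC-MD5 stands in for "MD5 signed", and the keyserver table, request fields and function names are all assumptions. It shows that a request signed with one user's key is rejected when it is relabelled with another uid, altered, or replayed.

```python
import hmac
import struct

# Constructed sample keys; this dict stands in for the user-space keyserver.
KEYSERVER = {1000: b"constructed-key-alice", 1001: b"constructed-key-bob"}

class KeyCache:
    """Server-side uid -> key cache, filled on demand from the keyserver."""
    def __init__(self, keyserver):
        self.keyserver = keyserver
        self.cache = {}

    def get(self, uid):
        if uid not in self.cache:
            key = self.keyserver.get(uid)
            if key is None:
                return None          # unknown user: nothing to verify against
            self.cache[uid] = key
        return self.cache[uid]

def request_mac(key, uid, xid, payload):
    # Fixed-width header keeps the uid/xid/payload boundaries unambiguous.
    header = struct.pack("!II", uid, xid)
    return hmac.new(key, header + payload, "md5").digest()

def sign_request(key, uid, xid, payload):
    return {"uid": uid, "xid": xid, "payload": payload,
            "mac": request_mac(key, uid, xid, payload)}

def verify_request(cache, seen, req):
    """Accept only a fresh request whose MAC matches the claimed uid's key."""
    key = cache.get(req["uid"])
    if key is None:
        return False
    expected = request_mac(key, req["uid"], req["xid"], req["payload"])
    if not hmac.compare_digest(expected, req["mac"]):
        return False                 # wrong key, altered field or payload
    if (req["uid"], req["xid"]) in seen:
        return False                 # replay of an already accepted request
    seen.add((req["uid"], req["xid"]))
    return True

if __name__ == "__main__":
    cache, seen = KeyCache(KEYSERVER), set()
    req = sign_request(KEYSERVER[1000], 1000, 1, b"READ fh=01 off=0")
    print(verify_request(cache, seen, req))                  # signed by uid 1000
    print(verify_request(cache, seen, dict(req, uid=1001)))  # uid relabelled
```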