On Sun, 28 Oct 2001, "Derek D. Martin" <[EMAIL PROTECTED]> wrote: > > On Sun, Oct 28, 2001 at 08:58:21AM -0500, Ron Peterson wrote: > > NFSv2 and v3 are both insecure. If the client computer is on my desktop, > > I can reinstall Linux, give myself root, and then connect as any user I > > want. ... > If you want to learn how to manage Kerberos, that may work for you... > But I'm not sure if there is a good implementation of kerberized NFS > for Linux. I think this again may be in the realm of NFSv4.
If someone is bold enough to try it, I'd love to hear a report of how NFSv4 works in solving this problem on Linux in a business situation. An open source implementation is at: http://www.citi.umich.edu/projects/nfsv4/index.html I don't know how robust this is, but perhaps it is ready for some folks to do a limited test deployment (i.e. some guinea pigs at work). Or even just a careful critique w/o actually installing it. Personally, I am not so interested in the bugs in the above implementation since those can be fixed, but I am more interested in if this sort of thing effectively solves this file-sharing problem in the Real World(tm). Presumably when a user logs in (on a machine) correctly with his Unix passwd that gets a kerberos ticket to allow access to the NFS shares and etc. This sounds good but I can see some things that are out of scope (e.g. the physical security of a box: an evil employee installs a hacked nfsv4-ized linux kernel on a lab machine and waits for an unsuspecting employee to log into it). Karl ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************