> Brian W. Spolarich writes:
> > I'm surprised that Sun hasn't done some similar work with NFS on top of
> > their too-much-touted secure RPC code.
>
> Actually, at the last USENIX Security conference there was I paper I wrote
> with some guys from Sun describe a new security flavor for ONC RPC that uses
> the GSS-API. It allows for authentication as well as integrity and
encrpytion
> of filesystem data. They have a prototype for NFS clients/servers already.
> It was tested with the Kerberos V5 mechanism, but should also work with
> other mechanisms like SPKM. An internet draft on the new flavor (RPCSEC_GSS)
> just came out as well. There are also some other neat things showing
> up in NFS like XFN, client-side failover, etc. Of course Sun sat on the
> success of NFS for much too long and getting all the vendors to implement
> the new stuff is an uphill battle...
Kerberos 5 now comes with a GSS extended version of ONC RPC now (or will real
soon) which allows encryption. Is the stuff Sun's working on freely available
in source yet, OOC?
The things which would still be missing from Sun RPC would then presumably be
bulk data transfer and allowing more than a signle item to be returned from an
RPC call.
-D
