On Sunday 23 December 2007 14:09:44 primm wrote: > > > > > > NFS is kind of ugly itself, don't you think? > > > > > > > > > > Ugly? Naah! It's soooo neat. With nis and nfs anyone can login > > > > > anywhere and get their own files and start work right after they've > > > > > got a coffee. It just works. Just like NT server before someone > > > > > downloded a virus. > > > > > > > > Well, I guess if someone else is configuring and maintaining it, > > > > sure, it's wonderful. > > > > > > I setup an nfs server to export /home to 5 other clients. The same > > > server handles nis logins. No eggageration, it took me 1/2 hour most of > > > which was reading man exports until I discovered that Yast had read it > > > for me already! I'll bet that some gurus on this list could do it in 5. > > > > > > Just curious, but what are my alternatives for nfs? > > > Love from L > > > > nfs is good, it mostly just works. But v3 has drawbacks in security, so > > if you're not in total control of the network, it might not be so good > > > > nfsv4 + kerberos can provide real authentication and encryption though, > > so you still don't have to abandon nfs > > 4 years ago it cost me two days work and a 300 Euro installation cost from > an engineer who also sold me the licences for my workstations. That was > w2000. > > It was plagued by viruses and most of my hardware wan't recognised so I had > to fork out for new machines too. 5000 Euros later. > > I'm now reading that Linux nfs which I installed by yast all by myself is > also a security risk.
It is a security risk in that it's not encrypted. Another problem is that the nfs server in versions 3 and below fully trusts the client about user IDs. It won't put viruses on your machines, but it does mean that if you don't control the root account on all machines, anyone can read any file, or write to any share. In version 4, if you use kerberos authentication, it doesn't do that. And with kerberos you can also get encrypted nfs > But for gads sake, it's been up for 6 months with my > staff reading e-mails and chatting to and from their latest boyfriends all > through the lunch break. I use SuSEfirewall2. Setup by Yast. > > What a mess. I can't afford to go back to commercial products at the > moment. Other people have told me that I have no alternatives. . . What the > ???? is nfsv4 + kerberos? Yes, I know I can google it. I just have. But > tomorrow morining I'll be back at work and I've a date this evening. > > It's at times like these I wish I'd stayed with my Microsoft rep. Don't be silly > > Do I change my network back to Windows 2000? I'm not a hobbyist. Can anyone > advise me in plain English o EspaƱol? Please, if you do not run a network > then please do not write. So long as you trust all machines on the LAN, you don't have a problem. Basically, it's the same as switching from telnet to ssh. telnet is fine as long as you trust all machines on the network Anders -- Madness takes its toll -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
