
Re: nfs exports



> FWIW, using LDAP/NIS/whatever is the "right" way to have the user
> lists in sync.

yeah, but thus far i haven't gotten ldap authentication to ever work
right, and i only have a pair of boxes to deal with.  i will try to
get it going the "Right Way"(tm) "Real Soon Now"(tm) ;}

 
> NFS has no authentication other than IP address checking, and you know
> how easy it is to spoof an IP.  (You can do some real authentication
> with Kerberos, but, honestly, Kerberos frightens me.)  It is also
> completely unencrypted, so anyone on the wire can sniff your NFS
> traffic.

ok so basically i should consider this to be almost like mounting a
local partition? where all security is done locally and the
"partition" doesn't try to handle it itself eh?  i will be using
iptables to make sure access only happens from the intranet side.
shouldn't be any spoofing going on there unless i am doing it :)


> Yes, NFS really does mean "No F*ing Security", but it is fast and
> trivial to set up, so it is still the most useful network-based
> filesystem on Linux IMHO.

i guess this is why i have always heard that nfs is best left to ro shares

Casey
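
An added example, not part of the original message: a small Python audit of an `/etc/exports` file that flags the cases this thread is about, where the client's IP address is the only barrier (clients not pinned to the intranet, writable exports without Kerberos, and `no_root_squash`). The sample file, the `192.168.1.0/24` intranet range and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in exports(5) syntax; paths and addresses are made up.
SAMPLE_EXPORTS = """\
/srv/docs   192.168.1.0/24(ro)
/srv/home   192.168.1.20(rw,sync)
/srv/pub    *(rw,no_root_squash)
/srv/krb    192.168.1.0/24(rw,sec=krb5p)
/srv/typo   192.168.1.20 (rw)    # the space makes "(rw)" apply to every host
"""

def inside(client, intranet):
    """True only when client is an address or CIDR block within intranet."""
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:      # empty, wildcard, netgroup or hostname
        return False
    return net.version == intranet.version and net.subnet_of(intranet)

def audit_exports(text, intranet="192.168.1.0/24"):
    """Return (path, client, issue) for exports that rely on address trust."""
    lan = ipaddress.ip_network(intranet)    # assumed intranet range
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue        # blank, comment-only, or no client field to check
        path = fields[0]
        for spec in fields[1:]:
            client, _, rest = spec.partition("(")
            opts = set(rest.rstrip(")").split(",")) - {""}
            who = client or "<any host>"
            if not inside(client, lan):
                findings.append((path, who, "not limited to intranet addresses"))
            if "rw" in opts and not any(o.startswith("sec=krb5") for o in opts):
                findings.append((path, who, "writable on address trust alone"))
            if "no_root_squash" in opts:
                findings.append((path, who, "client root keeps uid 0"))
    return findings

if __name__ == "__main__":
    for path, who, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {who:16} {issue}")
```

Hostnames and netgroups are reported as not limited to the intranet because the script cannot resolve them offline; check those entries by hand.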
