[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: nfs exports
> FWIW, using LDAP/NIS/whatever is the "right" way to have the user
> lists in sync.
yeah, but thusfar i havent gotten ldap authentication to ever work
right, and i only have a pair of boxes to deal with. i will try to
get it going the "Right Way"(tm) "Real Soon Now"(tm) ;}
> NFS has no authentication other than IP address checking, and you know
> how easy it is to spoof an IP. (You can do some real authentication
> with Kerberos, but, honestly, Kerberos frightens me.) It is also
> completely unencrypted, so anyone on the wire can sniff your NFS
> traffic.
ok so basically i should consider this to be almost like mounting a
local partition? where all security is done locally and the
"partition" doesnt try to handle it itself eh? i will be using
iptables to make sure access only happens from the intranet side.
shouldnt be any spoofing going on there unless i am doing it :)
> Yes, NFS really does mean "No F*ing Security", but it is fast and
> trivial to set up, so it is still the most useful network-based
> filesystem on Linux IMHO.
i guess this is why i have always heard that nfs is best left to ro shares
Casey
-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.