[20941] in bugtraq
Re: SSH / X11 auth: needless complexity -> security problems?
daemon@ATHENA.MIT.EDU (Casper Dik)
Sun Jun 10 17:17:54 2001
Message-Id: <200106081927.VAA23842@romulus.Holland.Sun.COM>
To: Dale Southard <southard1@llnl.gov>
Cc: Peter W <peterw@usa.net>, bugtraq@securityfocus.com
In-reply-to: Your message of "07 Jun 2001 11:45:47 PDT."
<ub6iti8yvqc.fsf@zonker.llnl.gov>
Date: Fri, 08 Jun 2001 21:27:57 +0200
From: Casper Dik <Casper.Dik@Sun.COM>
>The problem isn't the authentication, it's the granularity of the
>authorization that the filesystem affords. NFS leaves authorization
>up to the client host (aka ``No File Security'').
NFS provides most any level of security you desire; not many vendors
implement NFS security, though. NFSv4 requires the implementation
of GSS_API (i.e., Kerberos V based) security in NFS.
Don't complain that NFS is insecure if it's just because you don't
want to invest the time to configure it properly.
Casper
