[4687] in Kerberos
NFS security & interoperability
daemon@ATHENA.MIT.EDU (Jurgen Botz)
Mon Feb 27 11:08:58 1995
To: kerberos@MIT.EDU
Date: 27 Feb 1995 15:42:32 GMT
From: jbotz@mtholyoke.edu (Jurgen Botz)

I'm using NFS in a highly heterogeneous setup, and am currently not
using "secure" RPC since it is not supported on at least one of my
current platforms, Ultrix. While I realize that the security provided
by secure RPC is somewhat limited, I do think that if I'm to continue
using NFS for user file systems I need to do /something/ to better
protect my users' privacy.

I expect to be running 4.4BSD (NetBSD and/or BSD/OS) on a number of
servers and workstations in the future, replacing all or most of the
machines that are currently running Ultrix... I understand that BSD
now has Kerberos authentication in conjunction with NFS, but this
seems not to be available on many/any other platforms.

In short, it seems impossible to enhance NFS security while simultaneously
maintaining the high level of interoperability that makes NFS so useful.

I would like to know what other people are doing... it seems to me that
the options are basically:
- keep running NFS without any user authentication (bad)
- limit platform choices to those that support secure RPC (undesirable
  as even dropping Ultrix this rules out BSD and Linux)
- run something other than NFS (AFS maybe, but platform choices are
  still limited)

With AFS on the way out (at least Transarc is not porting it to
anything new, although I have heard that MIT is porting it to NetBSD)
and DCE/DFS being vapor at best, I am at a loss as to which direction
to move with regard to building a heterogeneous distributed
environment with an acceptable level of privacy. Any thoughts would
be greatly appreciated.