[16670] in Kerberos_V5_Development
Re: Kerberized NFS Vs NFS over VPN tunnel
daemon@ATHENA.MIT.EDU (Frank Cusack)
Tue Mar 8 13:24:48 2011
Date: Tue, 08 Mar 2011 10:24:40 -0800
From: Frank Cusack <frank+krb@linetwo.net>
To: sandeep patil <san_patil@hotmail.com>, krbdev <krbdev@mit.edu>
Message-ID: <CEF9B19B49890830BC8CAEC5@dhcp-172-19-80-246.mtv.corp.google.com>
In-Reply-To: <BAY156-w44CCA4CC14FA69F759FD6C8CC70@phx.gbl>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 3/7/11 4:15 AM +0000 sandeep patil wrote:
> In other words does a VPN tunnel between NFS
> client system and NFS server system override the need to have a
> kerberized NFS infrastructure ?
No. The two are unrelated. Even though I authenticate to the VPN
(assuming it involves user-level authentication and said authentication
is strong), if you use "insecure" NFS I can impersonate (wrt NFS) any
user at will. *That* is the problem that kerberized NFS is fixing
and VPN does not change that.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
