Subject: Re: 2 questions about nfs
To: Chuck Yerkes <firstname.lastname@example.org>
From: Luke Mewburn <email@example.com>
Date: 04/10/2003 18:39:51
On Thu, Apr 10, 2003 at 01:14:18AM -0400, Chuck Yerkes wrote:
| Quoting Caffeinate The World (firstname.lastname@example.org):
| > > PS. please no comments about security. it's my home network.
| > Sorry Wojciech I can't answer your question. However, I DO have a
| > question regarding NFS security. If it's insecure, what are the secure
| > alternatives?
| NFS over IPSec perhaps
That works, but it's only secure at the transport layer. All the
other issues regarding NFS "security" are still present.

I'm currently experimenting with SFS (pkgsrc/security/sfs)
as a replacement to NFS over IPsec, and I'm liking it so far.
I'd like to "branch out" and use SFS between more systems
and try it across the 'net as well; currently I just use it
across my wireless network, and I still use NFS on the wired network.

SFS has some nice features, such as each user (even on the same
machine) needs to authenticate before they can access (non public)
exports, and it has a remote command execution framework that can
leverage off the same authentication infrastructure.