Linked by Thom Holwerda on Thu 15th Jun 2006 15:36 UTC, submitted by user123
NetBSD "Network attached storage has been known to Unix users for a very long time with NFS. NFS is reliable, performs well on the performance front, but it is infamous for its security. The biggest problem with NFS is that the client is responsible for controlling user file access. The NFS server just accepts file system operations on behalf of a given UID and enforces nearly no control. NFS require you trust your clients, something that may not be adequate. Andrew File System is an alternative network file system. In this interview, I ask Ty Sarna about his experience with AFS. Ty Sarna has been an AFS user since 1992 and is a NetBSD developer since 1998."
Thread beginning with comment 133813
To read all comments associated with this story, please click here.
What about RPCSEC_GSS?
by EmmEff on Thu 15th Jun 2006 16:41 UTC
EmmEff
Member since:
2005-09-16

NFS on Solaris has had RPCSEC_GSS support for several years now. Support on Linux has been added recently and does work. Of course, it requires the addition of a Kerberos KDC on your network but RPCSEC_GSS does add much-needed security to NFS.

Reply Score: 2

RE: What about RPCSEC_GSS?
by EmmEff on Thu 15th Jun 2006 21:11 in reply to "What about RPCSEC_GSS?"
EmmEff Member since:
2005-09-16

Replying to my own post...

I just looked it up. According to the co-designer of RPCSEC_GSS (Mike Eisler), Secure NFS using Kerberos 5 has been available since 1998.

Reply Parent Score: 3