From: Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: Re: NFSv3+Krb5 and mountd
Date: Mon, 30 Aug 2004 12:45:02 -0400
Sender: nfs-admin@lists.sourceforge.net
Message-ID: <1093884302.8729.21.camel@lade.trondhjem.org>
References: <20040824184138.GB3251@nasse>
	 <Pine.LNX.4.61.0408300238530.2441@fogarty.jakma.org>
	 <20040830020132.GA28919@fieldses.org>  <20040830154541.GA3671@nasse>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Cc: "J. Bruce Fields" <bfields@fieldses.org>, Paul Jakma <paul@clubi.ie>,  nfs@lists.sourceforge.net
To: Per Olofsson <pelle@dsv.su.se>
In-Reply-To: <20040830154541.GA3671@nasse>
Errors-To: nfs-admin@lists.sourceforge.net

P=E5 m=E5 , 30/08/2004 klokka 11:45, skreiv Per Olofsson:

> OK, I understand. I don't really need authenticated mount requests
> though, I only need authenticated file system accesses. In other
> words, I don't care who mounts the file system as long as they can't
> impersonate a user without a valid ticket. Is this easier to
> implement? Does it have any other security implications?

This is already implemented...

The RPCSEC_GSS implementation that is in linux-2.6.x already follows the
guidelines in RFC2623 when you mount an NFSv2 or v3 partition. (The same
RFC also includes a brief discussion of the security implications of
this model.)

You'll need a patched version of "mount" though. The one distributed as
part of Fedora Core 2 should work...

Cheers,
  Trond


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs