Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux

From: Jamie Lokier (lk@tantalophile.demon.co.uk)
Date: Thu Sep 06 2001 - 20:53:36 EST

Next message: Jamie Lokier: "Re: nfs is stupid ("getfh failed")"
Previous message: Mike Black: "Re: 2.4.8 NFS Problems"
In reply to: Jesse Pollard: "Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux"
Next in thread: Jesse Pollard: "Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jesse Pollard wrote:
> > Kerberos won't help either - The only parts of NFS that were kerberized
> > was the initial mount. Everything else uses filehandles/UDP. Encryption
> > doesn't help either - slows the entire network down too much.
>
> I disagree! First of all you can always use NFS over TCP, so much for
> "every thing else uses filehandles/UDP". (No that this improves security,
> but it can improve reliability!)

It can improve security if you use NFS over TCP over SSL...

That may be easier to configure than IPSec in some environments.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jamie Lokier: "Re: nfs is stupid ("getfh failed")"
Previous message: Mike Black: "Re: 2.4.8 NFS Problems"
In reply to: Jesse Pollard: "Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux"
Next in thread: Jesse Pollard: "Re: [OFFTOPIC] Secure network fileserving Linux <-> Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Sep 07 2001 - 21:00:40 EST