Re: [k]nfsd, nfs and security questions

Andi Kleen (
18 Nov 1997 01:41:03 +0100 (Alan Cox) writes:

> > 5. while we all know that secure RPC is a misnomer, since the only secure
> > part is the host authentication, and all of the data runs over the wire
> > as cleartext, what is the exact status of the Sec. RPC kernel support?
> Alexey Kutznetsov did a really secure RPC using MD5, I dont know what the
> current state of that is. Given that Elliptic curve appears patent free
> and diffie hellman has expired there is good scope for military spec
> secure RPC now.

The NFS code kernel patch in the linux-nfs package supports sun-style
secure RPC using DES keys. That code got scrapped during the
integration into 2.1 (because of the US export laws), but I think it
would be easy to generate an optional addon module to add it. The code
makes adding other authentification schemes very easy too.