It have nothing to do with NFS security; it is related to ONC RPC security. The whole
point behind RPC is to free client-server programmers from certion tasks;
Security is one of them.
For a Linux solution see:
http://www.fit.qut.edu.au/~ashley/sesp5b.html
Guy Cohen wrote:
> At this (Sun, May 02, 1999 at 04:19:24PM +0300) day, Alex Shnitman wrote:
> | Hi.
> |
> | Is anybody aware of an alternative to NFS that works the way ssh does,
> | i.e. does authentication not according to the IP but according to the
> | existance of the right key on the other side? Some kind of NFS with
> | public-key cryptoraphy? In other words, something that is to NFS what
> | ssh is to rsh.
>
> Theres an on going poject of ietf concerning secure IP connection.
> Check out http://www.ietf.org/html.charters/ipsec-charter.html for basic ground,
> and plany links about Internet-Drafts and rfc's.
> Try there is also a mailing (preety nosie - about 20 mails a day - but preety
>intersting) list at [EMAIL PROTECTED]
>
> from linux's Security-HOWTO:
> 6.3 Linux x-kernel IPSEC Implementation
> Along with CIPE, and other forms of data encryption, there is also an implemention
>of IPSEC for Linux. IPSEC is an effort by the IETF to create cryptographically secure
>communications at the IP network level, which also provides authentication,
>integrity, access control, and confidentiality. Information on IPSEC and Internet
>draft can be found at http://www.ietf.org/html.charters/ipsec-charter.html. You can
>also find links to other protocols involving key management, and an IPSEC mailing
>list and archives.
>
> The Linux implementation, which is being developed at the University of Arizona,
>uses an object-based framework for implementing network protocols called x-kernel,
>and can be found at http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html. Most
>simply, the x-kernel is a method of passing messages at the kernel level, which makes
>for an easier implementation.
>
> As with other forms of cryptography, it is not distributed with the kernel by
>default due to export restrictions.
>
> --
> Guy Cohen <[EMAIL PROTECTED]>
