On Fri, 21 Mar 2008, Jim Carter wrote:

> Unfortunately Kerberos is used to authenticate the client *host*, so
> hostbased impersonation schemes (rogue laptops) no longer work, but it
> still relies on the client to honestly report the alphabetic loginID and
> group ID of the client user, and so is vulnerable to a generic root
> exploit on the client.

I don't believe that to be the case -- Kerberos NFS authenticates the
end-users. If you're actually using Kerberos security, any access from a
local user without appropriate credentials is mapped to the nobody account
(or simply denied, I don't recall which).

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768

_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
