On Wed, Apr 15, 2009 at 10:51 AM, Ben Eisenbraun <[email protected]> wrote:
> From what I understand of NFSv4, if I set it up to use kerberos, then I can
> do this, since only a user with a valid kerberos ticket will be able to
> access the files on the share. It seems like a kerberized solution could
> work here, but I'm not sure what protocol to use.

We do kerberized NFSv3 for homedirs, shares, etc. Works fine for at least Linux and Mac OS X. :) NFSv4 seems to still have fairly weak support out there, both on clients and servers.

> * Yes, I know that if someone has root on the workstation, then all bets
> are off, since they can trojan kinit to collect passphrases, steal tickets,
> etc. I'm just trying to raise the bar significantly higher than the
> standard NFS level of (in)security.

Beyond that, if you have root (or physical access which leads to root) you can "su - user" and will have access to their krb tickets, assuming they're still valid.

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
