On Friday 25 July 2003 16:02, Cory Petkovsek wrote:
> Maybe it's just me, but I'm surprised that nfs is so widely
> used. It seems to be very insecure for an internal lan.

Yes, NFS is not secure and is only appropriate where 1) each node on the LAN can be trusted; and 2) no one outside your trusted group can "plug in" to your LAN. The only places *I* ever use it are at home and in LTSP kiosks.

> "security" I see it using is host based and client uid based.
> Neither of which are good internal security. Is this all nfs
> can do?

That is correct.

> I can imagine evil_cracker plugging in his laptop
> configured with an allowed IP and his username as my uid and
> mounting rw network shares.

It's worse than that. If you're root on your own machine, then the server will also allow you in as root.

> Sheesh, putting ipsec on every machine and using opportunistic
> encryption internally seems more and more attractive and worth
> the setup.

Or just use Kerberos. Already an open standard.

Ken

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
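The host-based and client-uid-based trust discussed in this thread shows up on the server in `/etc/exports`. The following is an added example, not part of the original messages: a small auditor that flags exports relying on AUTH_SYS (`sec=sys`, the default), `no_root_squash`, world-wide clients, and the `insecure` option. The function name `audit_exports` and the sample file are constructed for illustration, and the parser assumes simple lines without quoted paths or `-` default-option groups.

```python
import re

# Constructed sample /etc/exports content (not taken from the thread).
SAMPLE_EXPORTS = """\
# constructed example
/home       192.168.1.0/24(rw,no_root_squash)
/srv/kiosk  *(ro)
/srv/secure *.example.org(rw,sec=krb5p)
/srv/mixed  10.0.0.5(rw,sec=sys:krb5) 10.0.0.6(ro,insecure)
"""

# A client spec is "host(opt,opt,...)"; host or the option list may be absent.
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export settings."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:          # no client listed = any host
            m = CLIENT_RE.match(spec)
            if not m:
                continue                      # syntax this sketch does not handle
            host = m.group(1) or "*"
            opts = [o for o in (m.group(2) or "").split(",") if o]
            flavors = ["sys"]                 # exports(5) default when sec= is absent
            for o in opts:
                if o.startswith("sec="):
                    flavors = o[4:].split(":")
            if "sys" in flavors:
                # AUTH_SYS: the server believes whatever uid/gid the client sends
                findings.append((path, host, "auth_sys"))
            if "no_root_squash" in opts:
                # client root is not mapped to an unprivileged user
                findings.append((path, host, "no_root_squash"))
            if host == "*":
                findings.append((path, host, "world"))
            if "insecure" in opts:
                # requests from unprivileged source ports are accepted
                findings.append((path, host, "insecure_port"))
    return findings


if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:18} {finding}")
```

An export that lists only Kerberos flavors (`sec=krb5`, `krb5i`, `krb5p`) produces no `auth_sys` finding, which is the configuration the Kerberos suggestion above points to.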
