On Tue, Jul 01, 2003 at 10:40:02AM -0700, timothy farrell wrote:
> Also known as the Network Failure System.
>
> NFS is great for maintaining permissions and ease of setup. It's security
> and stability model are debatable
Now, now... the only reason they're 'debatable' is that so few people
actually bother setting up proper security in NFS. It can be, admittedly,
a complex operation; and one that many versions of UNIX don't fully
support. Most of the security runs at the RPC/XDR level rather than
directly as part of NFS itself.
Linux does seem to support AUTH_DES, which at least performs some
validation of the identity so you can't easily pass yourself off as
someone else. Doesn't seem to support the full RPCSEC_GSS, the General
Security Service, though.
It's sort of like Telnet. There _are_ encryption and high-security
authentication options for Telnet that make it in theory every bit as
good as SSH; possibly more flexible. Problem is they didn't get added to
the standard until after everybody was already using telnet and already
'knew' that it was insecure.
> Samba is fine for windows integration, but permissions are not maintained
There are options to maintain the basic bits like Archive, but they
result in really odd permissions values on the UNIX end. And the full
NT-style ACLs are at least in part supported (there are several options
regarding them in the smb.conf file) but I'm not sure how complete the
support is.
---------------------------+---------------------------------------------------
Bryan Feir VA3GBF|"Advertising may be described as the science of
Home:[EMAIL PROTECTED] | arresting human intelligence long enough to get
| money from it." -- Stephen Leacock
---------------------------+---------------------------------------------------
--
[EMAIL PROTECTED] mailing list
