[EMAIL PROTECTED] (Sam Hartman) writes:
I think you may be out of luck. Really the first version of NFS
that seems to be particularly secure is NFS version 4. There are
some attempts to add Kerberos to previous versions of NFS, but I'm
unconvinced of the security of most of them.
Solaris 8 (and above?) has nfssec(5). From the man page:
The NFS security modes are described as follows:
sys Use AUTH_SYS authentication. The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS server. This is the sim- plest security method and requires no additional administration. It is the default used by Solaris NFS Version 2 clients and Solaris NFS servers.
dh Use a Diffie-Hellman public key system ( AUTH_DES, which is referred to as AUTH_DH in the forthcoming Internet RFC).
krb4 Use the Kerberos Version 4 authentication system ( AUTH_KERB, which is referred to as AUTH_KERB4 in a forthcoming Internet RFC).
I believe this is a mistake in the docs. Solaris 8 (or later) do NOT support
Kerberos V4, only V5.
They do support Kerberos V5. Download the SEAM package for Solaris 8 (free from www.sun.com). Also get the "encryption pack" to enable privacy (i.e. encryption) protection - this is only for Solaris 8, encryption pack is not needed for Solaris 9.
SEAM for Solaris 8 includes NFSv3 with Kerberos in 3 modes - authentication only, auth + integrity protection, and auth+ integ + privacy.
There are also documentatin books at docs.sun.com that explain how to configure and use NFS with Kerberos.
-Wyllys
none Use null authentication ( AUTH_NONE). NFS clients using AUTH_NONE have no identity and are mapped to the anonymous user nobody by NFS servers. A client [...]
See also secure_rpc(3NSL). This of course doesn't help the OP.
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
