On Feb 28, 2009, at 5:16 PM, Bob Elzer wrote:
I could probably change uids everywhere so they all match on allmachines, but this seems 1. klunky and 2. really insecure.
Granted, it's a small network with few nodes. Changing uids is probably workable in this case, and may be the solution I end up going with. But it doesn't seem like it scales very well. If I'm uid 1000, how hard is it for any random person to create some uid 1000 on their machine, connect to the network, and access my files with my permissions? That seems pretty insecure to me.
Take a look at this for a similar issue : http://nfsworld.blogspot.com/2006/02/real-authentication-in-nfs.html
Why would you think that ? How is the server going to know it's you, ifevery time you connect, you have a different UID ?
I'd prefer to have some other mechanism for authorization. That's the core of what I'm asking. I will poke at Kerberos a bit, and if I have success setting it up, I will probably go with it. If it seems too involved for my simple little network, then I'll get busy changing uids.
You wouldn't give a different name at different DMV offices would you ?
To me, the better question is 'you wouldn't believe anyone having ID # 1000 is guaranteed to be the same person, would you?'.
thanks, alex
PGP.sig
Description: This is a digitally signed message part
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
