Dominik Kubla <kubla@sciobyte.de>:
On Wed, Sep 05, 2001 at 05:12:48PM -0500, Jesse Pollard wrote:
>
> Kerberos won't help either - The only parts of NFS that were kerberized
> was the initial mount. Everything else uses filehandles/UDP. Encryption
> doesn't help either - slows the entire network down too much.
I disagree! First of all you can always use NFS over TCP, so much for
"every thing else uses filehandles/UDP". (No that this improves security,
but it can improve reliability!)
Yes - but it won't work in the environment. As you pointed out, it works
under Solaris. No MACs, No Linux, and no MS windows (which would likely be
present in a lab).
Second, without physical security you can't protect the access keys - hence
no kerberos.
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil
Any opinions expressed are solely my own.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Sep 07 2001 - 21:00:34 EST