need help with NFS and user authentication

Alex Dean alex at crackpot.org
Sat Feb 28 19:10:51 MST 2009


On Feb 28, 2009, at 5:16 PM, Bob Elzer wrote:

>>> I could probably change uids everywhere so they all match on all
>>> machines, but this seems 1. klunky and 2. really insecure.

Granted, it's a small network with few nodes.  Changing uids is  
probably workable in this case, and may be the solution I end up going  
with.  But it doesn't seem like it scales very well.  If I'm uid 1000,  
how hard is it for any random person to create some uid 1000 on their  
machine, connect to the network, and access my files with my  
permissions?  That seems pretty insecure to me.

Take a look at this for a similar issue: http://nfsworld.blogspot.com/2006/02/real-authentication-in-nfs.html

>
> Why would you think that? How is the server going to know it's you, if
> every time you connect, you have a different UID?

I'd prefer to have some other mechanism for authorization.  That's the  
core of what I'm asking.  I will poke at Kerberos a bit, and if I have  
success setting it up, I will probably go with it.  If it seems too  
involved for my simple little network, then I'll get busy changing uids.

>
> You wouldn't give a different name at different DMV offices, would you?

To me, the better question is 'you wouldn't believe anyone having ID # 1000
is guaranteed to be the same person, would you?'.

thanks,
alex
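
Added example, not part of the original message: a small audit of a Linux /etc/exports file that lists every export still accepting the default sys flavor, where the server trusts whatever uid the client sends, as opposed to the Kerberos flavors (krb5, krb5i, krb5p) discussed above. The sample file, hosts and paths are constructed, and the parser assumes simple one-line entries without quoting or line continuations.

```python
import re

# Constructed sample /etc/exports content; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# home directories
/home        192.168.1.0/24(rw,sync,root_squash)
/srv/share   *(ro,sync,sec=sys:krb5)
/srv/secure  *.example.lan(rw,sync,sec=krb5p)
/srv/mixed   10.0.0.5(rw,sec=krb5i) 10.0.0.6(rw)
"""

KERBEROS_FLAVORS = {"krb5", "krb5i", "krb5p"}
CLIENT_RE = re.compile(r"([^()]*)(?:\(([^)]*)\))?")


def flavors(options):
    """Security flavors accepted by one client's option list."""
    for opt in options.split(","):
        opt = opt.strip()
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return ["sys"]  # exports(5): sys is the default when sec= is absent


def audit_exports(text):
    """List (path, client, flavors) for exports that accept a non-Kerberos flavor."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # A path with no client list is treated here as exported to any host.
        for token in clients or ["*"]:
            m = CLIENT_RE.fullmatch(token)
            if not m:
                continue  # malformed token; a real audit should report it
            client = m.group(1) or "*"
            accepted = flavors(m.group(2) or "")
            # With sys accepted, the server trusts whatever uid the client sends.
            if any(f not in KERBEROS_FLAVORS for f in accepted):
                findings.append((path, client, accepted))
    return findings


if __name__ == "__main__":
    for path, client, accepted in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: accepts {':'.join(accepted)} (client-asserted uids)")
```

Note that root_squash on /home only remaps uid 0; every other client-asserted uid is still accepted as-is under the sys flavor.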