On Feb 28, 2009, at 5:16 PM, Bob Elzer wrote:

>>> I could probably change uids everywhere so they all match on all
> machines, but this seems 1.
> klunky and 2. really insecure.

Granted, it's a small network with few nodes.  Changing uids is  
probably workable in this case, and may be the solution I end up going  
with.  But it doesn't seem like it scales very well.  If I'm uid 1000,  
how hard is it for any random person to create some uid 1000 on their  
machine, connect to the network, and access my files with my  
permissions?  That seems pretty insecure to me.

Take a look at this for a similar issue : http://nfsworld.blogspot.com/2006/02/real-authentication-in-nfs.html

>
> Why would you think that ? How is the server going to know it's you,  
> if
> every time you connect, you have a different UID ?

I'd prefer to have some other mechanism for authorization.  That's the  
core of what I'm asking.  I will poke at Kerberos a bit, and if I have  
success setting it up, I will probably go with it.  If it seems too  
involved for my simple little network, then I'll get busy changing uids.

>
> You wouldn't give a different name at different DMV offices would  
> you ?

To me, the better question is 'you wouldn't believe anyone having ID #  
1000 is guaranteed to be the same person, would you?'.

thanks,
alex