Re: need help with NFS and user authentication

Top Page
Attachments:
Message as email
+ (text/plain)
+ PGP.sig (application/pgp-signature)
+ (text/plain)
Delete this message
Reply to this message
Author: Alex Dean
Date:  
To: Main PLUG discussion list
Subject: Re: need help with NFS and user authentication

On Feb 28, 2009, at 5:16 PM, Bob Elzer wrote:

>>> I could probably change uids everywhere so they all match on all
> machines, but this seems 1.
> klunky and 2. really insecure.


Granted, it's a small network with few nodes. Changing uids is
probably workable in this case, and may be the solution I end up going
with. But it doesn't seem like it scales very well. If I'm uid 1000,
how hard is it for any random person to create some uid 1000 on their
machine, connect to the network, and access my files with my
permissions? That seems pretty insecure to me.

Take a look at this for a similar issue : http://nfsworld.blogspot.com/2006/02/real-authentication-in-nfs.html

>
> Why would you think that ? How is the server going to know it's you,
> if
> every time you connect, you have a different UID ?


I'd prefer to have some other mechanism for authorization. That's the
core of what I'm asking. I will poke at Kerberos a bit, and if I have
success setting it up, I will probably go with it. If it seems too
involved for my simple little network, then I'll get busy changing uids.

>
> You wouldn't give a different name at different DMV offices would
> you ?


To me, the better question is 'you wouldn't believe anyone having ID #
1000 is guaranteed to be the same person, would you?'.

thanks,
alex
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss