gabriel rosenkoetter on Fri, 14 Dec 2001 19:00:23 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] NFS Question

On Thu, Dec 13, 2001 at 08:00:22AM -0500, Leonard Rosenthol wrote:
>          You like security holes and poorly designed protocols - don't you ;).

Huh? NFS is plenty secure, especially if you link it against
libwrap, as any sane distro should these days. (Debian, for
instance. All of the BSDs as well.) It won't give mounts to people
you don't explicitly tell it to, and I certainly have heard about
any currently-running nfsd exploits. Have you?

If you're concerned about clear text data, you'll have to justify
the overhead of encryption of network file system access over an
internal network. The right place to protect that is at the border,
presuming you're doing things that don't need to be encrypted

Anyway, your solution isn't one; Samba's "encryption" is a joke. (A
joke who's punchline is "RC4!")

>          Use Samba!
>          CIFS/SMB good (even if it was designed in Redmond)...

That's totally insane. These are two Unix systems. Why should they
use a network file system designed for Win32?

If anything, AFS should replace NFS here. (And it *is* pretty well

gabriel rosenkoetter

Attachment: pgpGP4FBFUX1W.pgp
Description: PGP signature