Coda File System

Re: making rpc2 more Secure

From: Roland Mainz <Roland.Mainz_at_informatik.med.uni-giessen.de>
Date: Wed, 22 Nov 2000 03:28:49 +0100
Max Berger wrote:

> we are currently planning on using Coda at our university. For reasons of
> simplicity we want to share the password database with the unix password.
> 
> I know - the RPC2 protocol is definitely not secure enough to do so. This
> is why we are currently working on some ideas:
> 
> - Authentication (Are you really my server?) via RSA, probably using the
> ssh-keys.
> - Encryption via blowfish instead of XOR.
> 
> The whole thing will be available on european servers, no worrying about
> patents or export regulations ;)
> 
> Are you interested in these solutions? Has anyone worked on anything like
> this yet? And last, but not least: Would these things be sufficient for
> security?

I suggest simply implementing all types which are supported for NFSv3 in
Solaris 8.
This includes:
- none (no authentication - like anonymous NFS access to ftp sites)
- sys (uid+gid auth.)
- dh (publickey scheme used by publickey.byname YP map (or cred.org_dir
NIS+ table))
- kerberos5
- GSS-API

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) Roland.Mainz_at_informatik.med.uni-giessen.de
  \__\/\/__/  gisburn_at_informatik.med.uni-giessen.de
  /O /==\ O\  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
 (;O/ \/ \O;) TEL +49 641 99-41370 FAX +49 641 99-41359
Received on 2000-11-21 21:29:30