Coda File System

Re: making rpc2 more Secure

From: Max Berger <>
Date: Wed, 22 Nov 2000 23:48:30 +0100 (CET)

On Wed, 22 Nov 2000, Roland Mainz wrote:
> I suggest to simply implement all types which are supported for NFSv3 in
> Solaris 8. 
> This includes:
> - none (no authentification - like anonymous NFS access to ftp sites)
> - sys (uid+gid auth.)
I don't like trusting other computers too much...

> - dh (publickey scheme used by publickey.byname YP map (or cred.org_dir
> NIS+ table)
sounds good

> - kerberos5
is supported via fallback to kerberos4

I don't know about that.

What I meant by identification is not the identification of the user, but
rather of the server. If I have a server, which is identified by a unique 
asyncrounous key (rsa, x509, ssh-hostkey, ...?) then I can trust that
server enouth to send it my plain password. Of course, then I need a
really secure line, which is what we want blowfish for.

> Bye,
> Roland


Max Berger

XSLT:          PGP/GnuPG ID: E81592BC
FSMPI:  F489F8759D4132923EC4 BC7E072AB73AE81592BC 
Received on 2000-11-22 17:48:55