(Illustration by Gaich Muramatsu)
Max Berger wrote: > > I suggest to simply implement all types which are supported for NFSv3 in > > Solaris 8. > > This includes: > > - none (no authentification - like anonymous NFS access to ftp sites) > > - sys (uid+gid auth.) > I don't like trusting other computers too much... Sure, but both are usefull: a) uid/gid: usefull in a trusted environment b) none: anonymous CODA access (same as "anonymous NFS access" to ftp sites (starting with Solaris 2.8 Sun's nfsd as extended support for this (like logging etc.)) > > - dh (publickey scheme used by publickey.byname YP map (or cred.org_dir > > NIS+ table) > sounds good > > > - kerberos5 > is supported via fallback to kerberos4 Uhm... note that many sites turned (or want to turn) kerb4 compatibility off if the last application has been either "killed" or moved to kerb5. > > - GSS-API > I don't know about that. > > What I meant by identification is not the identification of the user, but > rather of the server. If I have a server, which is identified by a unique > asyncrounous key (rsa, x509, ssh-hostkey, ...?) then I can trust that > server enouth to send it my plain password. Of course, then I need a > really secure line, which is what we want blowfish for. What about using IPSec for encryption instead of hacking this all into CODA ? ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) Roland.Mainz_at_informatik.med.uni-giessen.de \__\/\/__/ gisburn_at_informatik.med.uni-giessen.de /O /==\ O\ MPEG specialist, C&&JAVA&&Sun&&Unix programmer (;O/ \/ \O;) TEL +49 641 99-41370 FAX +49 641 99-41359Received on 2000-12-01 08:10:20