Coda File System

Re: making rpc2 more Secure

From: Roland Mainz <Roland.Mainz_at_informatik.med.uni-giessen.de>
Date: Fri, 01 Dec 2000 14:09:34 +0100

Max Berger wrote:

> > I suggest to simply implement all types which are supported for NFSv3 in
> > Solaris 8.
> > This includes:
> > - none (no authentication - like anonymous NFS access to ftp sites)
> > - sys (uid+gid auth.)
> I don't like trusting other computers too much...

Sure, but both are useful:
a) uid/gid: useful in a trusted environment
b) none: anonymous CODA access (same as "anonymous NFS access" to ftp
sites (starting with Solaris 2.8 Sun's nfsd has extended support for this
(like logging etc.)))

> > - dh (publickey scheme used by publickey.byname YP map (or cred.org_dir
> > NIS+ table))
> sounds good
> 
> > - kerberos5
> is supported via fallback to kerberos4

Uhm... note that many sites turned (or want to turn) kerb4 compatibility
off if the last application has been either "killed" or moved to kerb5.

> > - GSS-API
> I don't know about that.
> 
> What I meant by identification is not the identification of the user, but
> rather of the server. If I have a server, which is identified by a unique
> asynchronous key (rsa, x509, ssh-hostkey, ...?) then I can trust that
> server enough to send it my plain password. Of course, then I need a
> really secure line, which is what we want blowfish for.

What about using IPSec for encryption instead of hacking this all into
CODA?

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) Roland.Mainz_at_informatik.med.uni-giessen.de
  \__\/\/__/  gisburn_at_informatik.med.uni-giessen.de
  /O /==\ O\  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
 (;O/ \/ \O;) TEL +49 641 99-41370 FAX +49 641 99-41359
Received on 2000-12-01 08:10:20