[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

secure NIS and NFS like services (was Re: networking)

Am I mistaken thinking that there's no way around nfs brokenness on
OpenBSD? AFAIK SecureRPC is necessary to make NFS moderately secure and
SecureRPC is not available anywhere but on Solaris. Or can we still use
Kerberos to authenticate NFS mounts at least?

>>>>> "alex" == alex  <alex@crawfish.suba.com> writes:

    alex> There are solutions out there, but nothing seems to be
    alex> general.  Sun has NIS+, but that doesn't do me any good if I
    alex> want to run OpenBSD and Solaris together.  The Coda file
    alex> system seems to be a lot safer than NFS, but that isn't
    alex> supported everywhere either.  Even IPsec, which protects the
    alex> link, but doesn't address problems in underlying protocols,
    alex> doesn't seem to run on solaris.

    alex> So what I'd like to know is how experienced openbsd security
    alex> gurus solve these problems, if they solve them at all.  Is it
    alex> possible to secure NFS, at least on the openbsd side?  Do they
    alex> use AFS?  Is AFS an expensive solution?  And what, if
    alex> anything, exists for the NIS side of the problem?