[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
secure NIS and NFS like services (was Re: networking)
Am I mistaken thinking that there's no way around nfs brokenness on
OpenBSD? AFAIK SecureRPC is necessary to make NFS moderately secure and
SecureRPC is not available anywhere but on Solaris. Or can we still use
Kerberos to authenticate NFS mounts at least?
>>>>> "alex" == alex <email@example.com> writes:
alex> There are solutions out there, but nothing seems to be
alex> general. Sun has NIS+, but that doesn't do me any good if I
alex> want to run OpenBSD and Solaris together. The Coda file
alex> system seems to be a lot safer than NFS, but that isn't
alex> supported everywhere either. Even IPsec, which protects the
alex> link, but doesn't address problems in underlying protocols,
alex> doesn't seem to run on solaris.
alex> So what I'd like to know is how experienced openbsd security
alex> gurus solve these problems, if they solve them at all. Is it
alex> possible to secure NFS, at least on the openbsd side? Do they
alex> use AFS? Is AFS an expensive solution? And what, if
alex> anything, exists for the NIS side of the problem?