From: Mike Eisler (mike@eisler.com)
Date: 01/16/03-11:51:34 AM Z
Message-ID: <3E26F126.6090907@eisler.com>
Date: Thu, 16 Jan 2003 09:51:34 -0800
From: Mike Eisler <mike@eisler.com>
Subject: Re: NFSv4 security model
Shaya Potter wrote:
>(apologies in advance if this is the wrong forum for these questions)
>
This is the correct forum.
>
>
>I'm trying to understand the NFSv4 Security model, and am wondering if
>anyone has any good pointers (beyond the RFC) on it (papers, talk
>slides...)
>
At www.connectathon.org there are talks from 1995 onward
that deal with security for NFS and RPC. Authors of interest include
Dan Nessett, Lin Ling, Ram Marti, Jack Kabat, and Mike Eisler. There's
nothing specific about the security model because the model
is essentially that of NFS over AUTH_DES (since renamed to AUTH_DH,
and now deprecated). The white paper by Goldberg and
Taylor from the Summer 1986 USENIX Conference has a clean description
of the model.
>
>
>also a simple question. Is the security model made in a way that allows
>one to authenticate the entire client machine i.e. get the security one
>would get from running current NFS over ipsec, but w/o the ipsec
>requirement. (uid/gid pair of process of client determines access
>rights)
>
NFSv4 mandates the implementation of RPCSEC_GSS
w/ Kerberos V5, SPKM-3, and LIPKEY.
Like AUTH_DH, the mandatory security mechanisms are oriented toward
authenticating individual users, and not
client machines. There's nothing preventing one from deploying
security mechanisms for NFSv4 that authenticate machines, but
since those mechanisms are not mandatory, the in theory the chances of
achieving interoperability are lower. That said, I'm sad to say
that AUTH_SYS and its de-facto trusted client model are likely
to be used with NFSv4 for a long time, simply because it
it is trivial to set up compared to anything that is actually
secure.
-mre
This archive was generated by hypermail 2.1.2 : 03/04/05-01:50:46 AM Z CST