On Sunday 23 December 2007 19:31:45 primm wrote:
nfs is good, it mostly just works. But v3 has drawbacks in security, so if you're not in total control of the network, it might not be so good
nfsv4 + kerberos can provide real authentication and encryption though, so you still don't have to abandon nfs
4 years ago it cost me two days work and a 300 Euro installation cost from an engineer who also sold me the licences for my workstations. That was w2000.
It was plagued by viruses and most of my hardware wan't recognised so I had to fork out for new machines too. 5000 Euros later.
I'm now reading that Linux nfs which I installed by yast all by myself is also a security risk.
It is a security risk in that it's not encrypted.
Another problem is that the nfs server in versions 3 and below fully trusts the client about user IDs. It won't put viruses on your machines, but it does mean that if you don't control the root account on all machines, anyone can read any file, or write to any share.
What? So, I login as me. There is no way nfs will let me write to the folders of other users. Unless the other user has given me permission to do so. What do you mean by 'control the root account on all machines'? No one else other than me can login as root on any box on my network.
That is exactly what I mean by "controlling the root account". So you don't have a problem then Anders -- Madness takes its toll -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org