On 12/01/2011 04:58 PM, John Hodrien wrote:
On Thu, 1 Dec 2011, Ondrej Valousek wrote:
And how does it affect security? Easily - if you declare nfs/ UPN principal for deneb and nfs/ SPN principal for polaris, you making sure that only polaris can be used as a NFS server and deneb as a NFS client and not vice-versa.
NFS is a freaky oddity though. You've done nothing to stop me running pretty much any other service I like.
jh
Kerberos can not protect you against a malicious root, but it can very well protect you against a malicious user. So if you are a common user, it is very easy to lock the system down the way so you have to use say NFS/Kerberos or nothing else.
That's a different story though...