What linux lacks most - a decent remote fs

Stuart Sears stuart at sjsears.com
Wed Mar 26 14:41:27 UTC 2008


Neal Becker wrote:
> I used unix/linux for many years.  In the past we've used nfs.  But
> nfsv3 has no (useful) authentication.  Anyone can setup a rogue
> machine and pretend to be any uid/gid.
> 
> I understand that nfsv4 was supposed to fix that.  Looking at the
> docs I could find, it appears I'll never live long enough to
> understand how to set that up, and I haven't yet found the idiot's
> guide to setting up nfsv4 with authentication.

You need to set up a kerberos infrastructure for the authentication to
work properly. Once you do, you'll have the ability to encrypt traffic
as well as authenticating users. But all of your users will have to have
a kerberos principal and all of your machines will also have to have
their host/hostname at REALM principals extracted correctly.

If you don't know kerberos you are heading for a world of pain.

The closest thing to useful docs I can find is:

http://www.freeipa.com/page/ConfiguringRHEL5Client

but the tools used are specific to freeipa.
You would need to set up  a kerberos KDC first, which is documented
elsewhere...

> For now I'm using cifs.  That's pretty sad.
why? If it works...


> I've glanced at afs, but there's no Fedora package.
once again, AIUI afs uses kerberos for this. I have not researched this
much, though.

Regards,

Stuart
--
Stuart Sears RHC*




More information about the users mailing list