Securing NFS

NFS is a network protocol with which many UNIX administrators have a love/hate relationship. On the one hand, it’s the ideal protocol if you need to export a filesystem from a UNIX-like system. On the other, it has a bit of a reputation for being insecure. Since a rogue system can just tell an NFS server “hey, I’m representing a user with UID 1000, please remove all the files in my home directory”, this reputation may not be totally undeserved.

Or is it?
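The trust problem from the opening paragraph, as an added example that is not part of the original article: a simplified audit of an exports(5) file that lists every entry where the server accepts AUTH_SYS (`sec=sys`, the default when no `sec=` is given), meaning it trusts whatever UID the client sends. It goes slightly beyond the text by also noting `no_root_squash` and wildcard hosts; the sample file, hosts and function names are constructed, and default-option tokens (`-opts`) and line continuations are not handled.

```python
import re

# Constructed sample in exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
/home        192.0.2.0/24(rw,sync)
/srv/build   *(rw,sec=sys,no_root_squash)
/srv/secure  client.example.org(rw,sec=krb5p)
/srv/mixed   192.0.2.7(ro,sec=krb5:sys)   # falls back to AUTH_SYS
"""

# One client token: optional host part, optional "(opt,opt,...)" part.
ENTRY = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def sec_flavors(opts):
    """Collect every flavor named in sec= options; with none given, sys applies."""
    flavors = set()
    for opt in opts:
        if opt.startswith("sec="):
            flavors.update(opt[4:].split(":"))
    return flavors or {"sys"}

def audit_exports(text):
    """Return (path, host, reasons) for entries that trust the client's claimed UID."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.match(entry)
            if entry.startswith("-") or m is None:
                continue  # default-option lists and malformed tokens are skipped
            host = m.group("host") or "*"  # "(opts)" without a host means any client
            opts = [o for o in (m.group("opts") or "").split(",") if o]
            if "sys" not in sec_flavors(opts):
                continue
            reasons = ["AUTH_SYS accepted"]
            if "no_root_squash" in opts:
                reasons.append("no_root_squash")  # client root is root on the server
            if host == "*":
                reasons.append("any host")
            findings.append((path, host, reasons))
    return findings

if __name__ == "__main__":
    for path, host, reasons in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {host}: {', '.join(reasons)}")
```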

Authenticating on the network

Usually, I get annoyed at having to authenticate myself to each and every service I set up; after all, my passwords are the same everywhere, since I make sure of that myself. On Windows, I wouldn’t have to do that; once I log in, Windows is able to communicate credentials to each and every service that asks for them. But something similar is impossible on GNU/Linux, right? Wrong.

Single sign-on

