Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!usc!ucsd!celit!hutch From: hutch@fps.com (Jim Hutchison) Newsgroups: comp.unix.internals Subject: NFS security (was Re: Complex security mechanism is unsecure) Message-ID: <13995@celit.fps.com> Date: 19 Dec 90 21:40:35 GMT References: <6922@titcce.cc.titech.ac.jp> <18826@rpp386.cactus.org> <18827@rpp386.cactus.org> <6948@titcce.cc.titech.ac.jp> <18840@rpp386.cactus.org> <6959@titcce.cc.titech.ac.jp> Sender: daemon@fps.com Reply-To: hutch@fps.com (Jim Hutchison) Organization: FPS Computing Lines: 29 Masataka Ohta and John F. Haugh Jr. have carried on a protracted discussion of the root==nobody versus security problem. Well as we all know, having a mysterious root from workstation X making modifications *without permission* is just not a good thing. Hence "foreign" root == nobody. From there we've observed that daemon and uucp are not all that great to get from workstation X either. This issue has been addressed by the folks over at MIT where everyone can (atleast did) log into lab workstations as root. For a discussion of Kerberos and how it works with NFS, please go to comp.protocols.kerberos. Kerberos may or may not be LAN specific, but it is one solution to passing User Identification over the network. Sun has done some work with secure RPC using a method similar to Kerberos (to my eyes) which provides network-to-local uid translation. Both methods include windows in which the key(s) are valid, and both use up valuable system resources providing the services you folks have requested. Both are interesting solutions to a tough problem resulting from a complex system of user identification. Certainly the system could be made simpler if I could not write to remote files, but then I wouldn't be doing my work. That would lead to my being fired and becoming a beach comber. Hmmm, we may be on to something here. :-) -- - Jim Hutchison {dcdwest,ucbvax}!ucsd!fps!hutch Disclaimer: I am not an official spokesman for FPS computing