Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!uunet!mcsun!ukc!strath-cs!baird!jim From: jim@cs.strath.ac.uk (Jim Reid) Newsgroups: comp.protocols.nfs Subject: Re: group permissions when root Message-ID: Date: 26 Jun 91 12:16:26 GMT References: <15008@exodus.Eng.Sun.COM> <6720@eastapps.East.Sun.COM> <4978@skye.ed.ac.uk> <7958@spdcc.SPDCC.COM> <15542@exodus.Eng.Sun.COM> Sender: jim@cs.strath.ac.uk Organization: Computer Science Dept., Strathclyde Univ., Glasgow, Scotland. Lines: 22 In-reply-to: db@argon.Eng.Sun.COM's message of 20 Jun 91 05:07:08 GMT In article <15542@exodus.Eng.Sun.COM> db@argon.Eng.Sun.COM (David Brownell) writes: Secure NFS,... has addressed this problem. Secure NFS is an oxymoron. It's the same NFS protocol, but requires a better authentication system. It has a better authentication system, but not much better. For one thing, NIS (Yellow Pages) is used to distribute the keys. You might as well announce those keys on peak-time TV for all the "security" NIS offers. For another, the actual file data being read or written is not encrypted. It still gets passed in cleartext. Finally, the so-called secure NFS requires DES hardware to work at reasonable speed. This makes it almost unusable outside the USA because Uncle Sam doesn't want the rest of the world to have access to DES hardware. Secure NFS is a bit like finding that the bank vault is made of cheap cardboard: from a distance it looks OK, but a close inspection reveals the horrible truth. Jim