Xref: utzoo comp.protocols.nfs:225 comp.sys.ibm.pc:29752
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!ames!lll-winken!uunet!mcvax!inria!mirsa!huitema
From: huitema@mirsa.inria.fr (Christian Huitema)
Newsgroups: comp.protocols.nfs,comp.sys.ibm.pc
Subject: Re: PCNFS and security
Message-ID: <183@mirsa.inria.fr>
Date: 5 Jun 89 08:27:42 GMT
References: <11714@bloom-beacon.MIT.EDU>
Organization: INRIA, Sophia Antipolis. France
Lines: 15

From article <11714@bloom-beacon.MIT.EDU>, by jfc@athena.mit.edu (John F Carr):
> ................   Until there is an encrypted NFS, this is about as good
> security as you can get...

Obviously, the current NFS protocol is ``as insecure as possible'', 
and until the Kerberos fixed are applied, security can only be achieved 
by physical protection -- in short, use it in a physically controlled 
small size local net, and trust all the users...

However, Kerberos will not solve everything, for much of the weakness
derives from two major design choices: a stateless protocol + mount per
host. Greater security would be achieved with a connection oriented
model + one connection per user.

Christian Huitema