Re: NFSv4 security model

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Mike Eisler (mike@eisler.com)
Date: 01/24/03-05:37:08 PM Z

Next message: Noveck, Dave: "RE: [Dan.Oscarsson@kiconsulting.se: Comments on NFSv4 rfc3010bis- 05 draft]"
Previous message: Nicolas Williams: "Re: [Dan.Oscarsson@kiconsulting.se: Comments on NFSv4 rfc3010bis- 05 draft]"
In reply to: Dai_Peng@emc.com: "Re: NFSv4 security model"

Message-ID: <3E31CE24.22EAA6EC@eisler.com>
Date: Fri, 24 Jan 2003 15:37:08 -0800
From: Mike Eisler <mike@eisler.com>
Subject: Re: NFSv4 security model

Dai_Peng@emc.com wrote:

> Even if the above can be done, there is still significant difference
> between AUTH_SYS/IPSec and RPCSEC_GSS/kerberos. The
> former approach relies on the client machine to properly authenticate
> the user (the uid/gids are credentials acquired as a result of the
> authentication);
> while the latter relies on the server machine to do that. So using the
> first approach, compromising one machine would affect all users;
> while in the second approach, only users using the compromised
> machine are affected.

I think we are in violent agreement then.

Next message: Noveck, Dave: "RE: [Dan.Oscarsson@kiconsulting.se: Comments on NFSv4 rfc3010bis- 05 draft]"
Previous message: Nicolas Williams: "Re: [Dan.Oscarsson@kiconsulting.se: Comments on NFSv4 rfc3010bis- 05 draft]"
In reply to: Dai_Peng@emc.com: "Re: NFSv4 security model"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

This archive was generated by hypermail 2.1.2 : 03/04/05-01:50:49 AM Z CST