diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

May162010

Configure UNIX based NFS to connect Windows Server for NFS using Kerberos security

This post discuss how to configure a UNIX based NFS client to connect to Windows Server for NFS using Kerberos security with RPCSEC_GSS. “Traditionally NFS clients and servers use AUTH_SYS security. This essentially allows clients to send authentication information by specifying UID/GID of UNIX user to an NFS Server. Each NFS request has UID/GID of the UNIX user specified in incoming request. This method of authentication provides minimal security as client can spoof the request by specifying UID/GID of a different user. This method of authentication is also vulnerable to tampering of NFS request by some 3rd party between client & server on network. RPCSEC_GSS provides a generic mechanism to use multiple security mechanisms with ONCRPC (on which NFS requests are built). Server for NFS currently provides support for two Kerberos “flavors” over NFS using RPCSEC_GSS: krb5 and krb5i. krb5 provides Kerberos authentication at RPC request level, while krb5i (Kerberos v5 with Integrity) also protects NFS payload from tampering,” writes Microsoft.

More Info: Using Kerberos security with Server for NFS

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!