
10-02-2007, 03:01 PM
Re: NFS Exporting a samba share

"Nico Kadel-Garcia" wrote in message news:<-IednYCpvp46qGjdRVn_iw@comcast.com>...
> > Which NFS/Kerberos V5 stack have you used?
>
> Like I said, it's been a while. This level of adventurous analysis was going
> in with the latest MIT Kerberos release and Solaris 2.5 and SunOS 4.1.x. I
> took another shot at it about 5 years ago, and had too many problems getting
> it to interoperate well with the Windows systems, then took another shot at
> it maybe 3 years ago and couldn't get the buy in to make the corporate wide
> changes.
[...]
> > Yes indeed, you are casting theory.
[...]
> Look, friend, don't call it "casting theory" when someone's actually tried
> to get the systems to work together and run into the issue.
Adding end to end Kerberos V5 authentication requires modifying the
NFS client and server, i.e. kernel work.
5 years ago, the only systems that support NFS w/ Kerberos were Solaris
and a couple of Windows NFS clients. And the Solaris implementation
didn't have DNS issues you note (though admittedly, the MIT base
much of the code it used did. Sun fixed it. I know, because
I led the folks who wrote the code). And SunOS 4.1.x never had Kerberos
authentication in its NFS client or server. Etc.
So at best, we are talking about something different. At
worst, if you are claiming that 5 years ago you tried it,
and can't identify the one NFS server that had it, and
misidentified SunOS 4.1.x as having it, then you didn't try it.
NFS implementations that adhere to the RFCs noted
below have no inferiority complex when it comes to strong
authentication, privacy, and integrity.
-mre (co-author, RFC 2203, author RFC 2623, which
describe the protocols needed for adding Kerberos
V5 authentication to NFSv4).