[aklug] Re: NFS Security

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Sat Apr 02 2011 - 10:59:49 AKDT

On Fri, 1 Apr 2011, Christopher Howard wrote:

> Not quite clear on this from my google research: Does NFSv4 have
> built-in encryption? Or do you have to setup an SSH tunnel?

It uses GSSAPI for authentication purposes, but no transport-level
encryption, which is no different that CIFS from what I understand. I doubt
either one will bother with future development for that but let IPsec handle
it for them instead.

So, this is protocol is meant of internal LAN use, not for public networks.
If you're running a managed network that shouldn't provide much cause to be
concerned. Unless you're going to run this over wireless... but they'll
never break TKIP or AES, right? ;-)

         --Arthur Corliss
           Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Apr 2 11:00:00 2011

This archive was generated by hypermail 2.1.8 : Sat Apr 02 2011 - 11:00:00 AKDT