Date: Wed, 3 Jul 1996 14:06:35 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: wollman@lcs.mit.edu (Garrett Wollman) Cc: terry@lambert.org, compland@ism.com.br, questions@freebsd.org Subject: Re: Secure NFS Message-ID: <199607032106.OAA11265@phaeton.artisoft.com> In-Reply-To: <9607032046.AA09843@halloran-eldar.lcs.mit.edu> from "Garrett Wollman" at Jul 3, 96 04:46:11 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> >> Is it possible to set portmon variable, like in SunOS, in Freebsd to > >> watch out the NFS mounts, forcing the request to come from a privileged port ? > >> It's possible to set secure NFS in Freebsd ? > > > This is the default. You must use -n to disable it (man mountd). > > Of course, this really has nothing to do with security, it's just a > stupid restriction on Sun's part to paper over the fact that standard > NFS isn't secure. It's more secure in the sense that vouchsafe authentication is more secure than not having passwords at all. The question is in how you define, firewall, and administer vouchsafe secure zones. It is *possible* to do this in a reasonable way, even if many of us dislike the idea because the typical administrator does not have enough experience to do it correctly. It is a tightrope, and it is possible to walk a tightrope, but few people can do it correctly. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607032106.OAA11265>