Re: Access control for a NFS server

From: Jörg Bornschein (joerg_at_zilium.de)
Date: 01/29/00

  • Next message: Markus Korth: "Access to nfs server, Part 2"
    Date: Sat, 29 Jan 2000 03:20:02 +0100
    To: muldersb@plattsburgh.edu
    
    

    Symen, Thobias,

    > I suppose you could probably tunnel NFS over SSH as well, I've always
    > wanted to try it, but I haven't had time.

    I used to run NFS over IPSec. Everything worked fine; event between
    linux, FreeBSD and W2K. IPSec provides authentication (you asked for)
    and encryption (you COULD turn encryption off and just leave
    authentication in place).

    When running a 2.6.x Kernel everything is in place -- you dont have to
    patch anything.

    See http://www.ipsec-howto.org/.

       j.


  • Next message: Markus Korth: "Access to nfs server, Part 2"

    Relevant Pages

    • Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows"
      ... After I pointed out that "IPsec based auth" is not a basic netlogon ... authentication protocol like Kerberos, LM, NTLM and NTLMv2, you said I was ... based auth" to authenticate the request as opposed to LM, NTLM, or NTLMv2. ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • RE: Passwords with Lan Manager (LM) under Windows
      ... A device's security associations are contained in its Security Association Database ... Internet Protocol Security (IPSec) provides application-transparent encryption services for IP network traffic as well as other network access protections for the Windows 2000 operating system. ... As for "article you reference does indeed use the phrase "IPSec Authentication," but as any who reads it ...
      (Pen-Test)
    • Re: FreeBSD NAT-T patch integration
      ... IPsec is about security and not features. ... mostly evenings and weekends that I can spend on FreeBSD. ... People ask about review. ...
      (freebsd-net)
    • Re: Kerberos machine authentication - apparent authentication fail
      ... as the case may be) which will delay authentication until ... I also have an Intel network adapter and WAP that does not have this> problem and even works well with 802.1X EAP-TLS for domain logon. ... In> most cases [ipsec a possible exception] kerberos authentication is not> needed to access domain resources as long as the client and server use a> common authentication method for lm/ntlm/ntlmv2. ... The main issue is to> NEVER include an ISP dns server in the preferred server list in the tcp/ip> properties or DHCP scope of any domain computer or any computer you want to> join to the domain in which case your computers may be trying to locate the> domain _srv records on the ISP dns server and fail. ...
      (microsoft.public.windows.server.security)
    • Re: IPsec - restrict communcation
      ... IPsec can use three different methods to initially authenticate machines: ... permit, block, or negotiate security, as well as authentication methods ... you don't need the communications to be private. ...
      (microsoft.public.security)