Re: Machine authentication

From: Darren J Moffat (Darren.Moffat@Sun.COM)
Date: 12/18/01


Date: Tue, 18 Dec 2001 10:08:37 +0000
From: Darren J Moffat <Darren.Moffat@Sun.COM>
To: James Craig <jmc@cs.rit.edu>

On 12/17/01 18:58, James Craig wrote:

>
> We are looking for a way to authenticate machines such that when
> a machine asks for an NFS mount, the server can trust it is that
> machine. I believe NIS+ can provide this, but how about kerberos,
> or DES? How would one set this up in a Solaris 8 environment?

You don't need NIS+ to use AUTH_DH (sec=dh on the share_nfs/mount_nfs
line), however since NIS is easily spoofed I wouldn't recommened it,
using NIS+ (since it runs over AUTH_DH) is a better idea.

Or and this is what I would recommend for new deployments is to go to
Kerberos (sec=krb5*), for Solaris 8 you need to install the unbundled
SEAM package to get the KDC (if you don't already have one, an MIT
KDC will work just fine), if you just want NFS the OS has everything
else you need.

Search the Answerbook on docs.sun.com for Kerberos and NFS (use only
the Solaris 8 book or you will get old referecnes to Kerberos IV instead
of V).

-- 
Darren J Moffat