FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User
Reload this Page Authenticating NFS users

 
 
LinkBack Thread Tools
 
Old 09-04-2010, 07:52 AM
Tixy
 
Default Authenticating NFS users
I'm trying to set up NFS to use in a home made NAS and want to add some
form of server based authentication for access. All of the information I
can find seems to suggest using kerberos, is there a simpler alternative
that could do something like check a username+password?

Thanks in advance.

--
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/ Against HTML e-mail and proprietary attachments


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1283586758.12740.10.camel@computer2.home">http://lists.debian.org/1283586758.12740.10.camel@computer2.home
 
Old 09-04-2010, 10:29 AM
Sjoerd Hardeman
 
Default Authenticating NFS users
Op 04-09-10 10:52, Tixy schreef:
> I'm trying to set up NFS to use in a home made NAS and want to add some
> form of server based authentication for access. All of the information I
> can find seems to suggest using kerberos, is there a simpler alternative
> that could do something like check a username+password?
You can use NFS via a SSH or VPN tunnel. The reason that it is
complicated is that when you authenticate to the server, you need also a
ticket that tells the server you authenticated. Else you'd need to type
your password every time you check a file on the NFS. Kerberos is a
clean way of exactly doing that: handing out the tickets to track
sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
You can probably try some firewalling techniques for a simple
a-little-less-easy access to the NFS.

Sjoerd
 
Old 09-04-2010, 11:26 AM
Tixy
 
Default Authenticating NFS users
On Sat, 2010-09-04 at 13:29 +0300, Sjoerd Hardeman wrote:
> Op 04-09-10 10:52, Tixy schreef:
> > I'm trying to set up NFS to use in a home made NAS and want to add some
> > form of server based authentication for access. All of the information I
> > can find seems to suggest using kerberos, is there a simpler alternative
> > that could do something like check a username+password?
> You can use NFS via a SSH or VPN tunnel.

I originally tried just using SFTP as that comes for free and requires
no setup. However the throughput was too low (5MB/s) due to maxing out
the CPU on the server machine (a SheevaPlug). I'm guessing VPN would
have similar CPU overheads.

> The reason that it is
> complicated is that when you authenticate to the server, you need also a
> ticket that tells the server you authenticated. Else you'd need to type
> your password every time you check a file on the NFS. Kerberos is a
> clean way of exactly doing that: handing out the tickets to track
> sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
> You can probably try some firewalling techniques for a simple
> a-little-less-easy access to the NFS.

Thanks for the explanation and suggestions. I beginning to question if I
actually need any authentication. The files stored on the NAS don't
contain sensitive data which isn't in encrypted files, and I have
backups in case of deletion. So the probability and risk of malicious
activity on my home network are very low.

--
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/ Against HTML e-mail and proprietary attachments


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1283599589.2464.32.camel@computer2.home">http://lists.debian.org/1283599589.2464.32.camel@computer2.home
 
Old 09-04-2010, 11:41 AM
Jordon Bedwell
 
Default Authenticating NFS users
On 9/4/2010 5:29 AM, Sjoerd Hardeman wrote:

Op 04-09-10 10:52, Tixy schreef:

I'm trying to set up NFS to use in a home made NAS and want to add some
form of server based authentication for access. All of the information I
can find seems to suggest using kerberos, is there a simpler alternative
that could do something like check a username+password?

You can use NFS via a SSH or VPN tunnel. The reason that it is
complicated is that when you authenticate to the server, you need also a
ticket that tells the server you authenticated. Else you'd need to type
your password every time you check a file on the NFS. Kerberos is a
clean way of exactly doing that: handing out the tickets to track
sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
You can probably try some firewalling techniques for a simple
a-little-less-easy access to the NFS.

Sjoerd



Well, on a non-public facing NFS /etc/exports would do the trick on
which hosts can mount what. There is also auth_sys, but that relies on
a sort of trust ring really. As far as SSH tunneling, it's an
unnecessary overhead if it's not a public network or public-facing
network (on the entire network), if it's not public-facing and has wifi
or people you can't trust who access it, I would then look into stream
encryption. Normally in a cheapo situation I would have a public
non-public NIC where the NAS server is on the non-public end tied to a
switch and the public end (all computers but the NAS server) is simply
tied to a router on the first NIC.



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4C823067.8010206@envygeeks.com">http://lists.debian.org/4C823067.8010206@envygeeks.com
 

Thread Tools




All times are GMT. The time now is 11:04 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -