Authenticating NFS users
On 9/4/2010 5:29 AM, Sjoerd Hardeman wrote:
Op 04-09-10 10:52, Tixy schreef:
I'm trying to set up NFS to use in a home made NAS and want to add some
form of server based authentication for access. All of the information I
can find seems to suggest using kerberos, is there a simpler alternative
that could do something like check a username+password?
You can use NFS via a SSH or VPN tunnel. The reason that it is
complicated is that when you authenticate to the server, you need also a
ticket that tells the server you authenticated. Else you'd need to type
your password every time you check a file on the NFS. Kerberos is a
clean way of exactly doing that: handing out the tickets to track
sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
You can probably try some firewalling techniques for a simple
a-little-less-easy access to the NFS.
Well, on a non-public facing NFS /etc/exports would do the trick on
which hosts can mount what. There is also auth_sys, but that relies on
a sort of trust ring really. As far as SSH tunneling, it's an
unnecessary overhead if it's not a public network or public-facing
network (on the entire network), if it's not public-facing and has wifi
or people you can't trust who access it, I would then look into stream
encryption. Normally in a cheapo situation I would have a public
non-public NIC where the NAS server is on the non-public end tied to a
switch and the public end (all computers but the NAS server) is simply
tied to a router on the first NIC.
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com