Re: (OT) The NFS security system
In article <200209131802.17432.rasa@gmx.ch>,
Raffaele Sandrini <rasa@gmx.ch> wrote:
>I added to the exports file of a Debian machine a line like the following
>
>/ 10.10.1.0/24(rw,no_root_squash)
>
>I know, I know, I should not do that... it was only for that test.
>
>I tried to connect from a Win32 machine (in the above subnet) using a Win32
>NFS client to that share and was not able... I set the UID to 0 and the GID
>to 0 and got every time an "Auth failed".
Windows problem I guess. Perhaps you should turn authentication off.
>After that I tried to connect from another Debian machine logged in as Root
>and was perfectly able to mount...
So Linux works fine.
>I am now not sure how NFS verifies a user...
It doesn't!
>a. Does the client send the username with his mount query to the server and
>the server looks at his passwd file to check if the user exists (and not
>looking at the password) or
No.
>b. Does the Client send the username AND the password with the mount query
>and the server verifies if that is correct?
No.
>c. An all different way? :-))
Yes. There is no authentication at all. Every request just contains
a numeric user-id and group-id that specifies the user that the
request should be run as, and the server trusts the client completely.
There is "secure NFS" and also kerberized NFS but I don't
think anybody ever wrote a Linux implementation.
So basically there is no NFS security system ..
Mike.
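
Added example, not part of the original post: a small Python decoder for the credential carried in an ONC RPC call, following the AUTH_SYS (AUTH_UNIX) layout of RFC 5531, to show that the identity fields the reply describes are plain numbers asserted by the client, with no password or other secret alongside them. The function names and the sample message (host "client1", uid 1000, gid 100) are constructed for illustration.

```python
import struct

AUTH_SYS = 1  # RFC 5531 credential flavor, historically called AUTH_UNIX


def _u32(buf, off):
    return struct.unpack_from(">I", buf, off)[0], off + 4


def _opaque(buf, off):
    """XDR variable-length opaque: 4-byte length, data, zero padding to 4 bytes."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated XDR opaque")
    return buf[off:off + n], off + n + (-n % 4)


def parse_rpc_call_cred(msg):
    """Decode the credential of one RPC call (UDP framing, no TCP record mark)."""
    if len(msg) < 32:
        raise ValueError("too short for an RPC call header")
    xid, mtype, rpcvers, prog, vers, proc, flavor = struct.unpack_from(">7I", msg, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    body, _ = _opaque(msg, 28)
    out = {"xid": xid, "prog": prog, "vers": vers, "proc": proc, "flavor": flavor}
    if flavor != AUTH_SYS:
        return out
    _stamp, off = _u32(body, 0)
    host, off = _opaque(body, off)
    uid, off = _u32(body, off)
    gid, off = _u32(body, off)
    ngids, off = _u32(body, off)
    if ngids > 16 or off + 4 * ngids > len(body):
        raise ValueError("bad supplementary group list")
    gids = list(struct.unpack_from(">%dI" % ngids, body, off))
    # Everything below was chosen by the sender; nothing in the message proves it.
    out.update(machine=host.decode("ascii", "replace"), uid=uid, gid=gid, gids=gids)
    return out


def xdr_opaque(data):
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)


def sample_call():
    """Constructed sample: an NFSv3 (program 100003) call with an AUTH_SYS credential."""
    cred = (struct.pack(">I", 0) + xdr_opaque(b"client1")
            + struct.pack(">III", 1000, 100, 1) + struct.pack(">I", 100))
    header = struct.pack(">7I", 0x1234, 0, 2, 100003, 3, 1, AUTH_SYS)
    return header + xdr_opaque(cred) + struct.pack(">II", 0, 0)  # AUTH_NONE verifier
```

Running `parse_rpc_call_cred(sample_call())` returns the machine name, uid, gid and group list exactly as the sender packed them, which is all the server has to go on for this credential flavor.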