[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CODA + portmapper == insecure?

On Mon, Sep 03, 2001 at 08:56:35PM -0400, Doug Alcorn wrote:

> I'm interested in doing CODA file system over the internet.  It has
> all the features of a networked filesystem that I'm interested in.
> The only problem seems to be that it requires the use of the
> portmapper.  From my NFS day, I seem to remember that portmapper is
> insecure.

Unless you already have a CODA/Kerberos setup to tie into, or need the
ability to work disconnected or some other CODA-specific feature, I'd
consider SFS (http://www.fs.net/) -- no new filesystems or databases
required, works like NFS, but without portmap listening on an external
interface. Portmap *does* listen on localhost on the SFS server, but
that's all.

I plan on using it for file services to clients outside my local
subnet. At least when I tested it, the speed wasn't great (2MB/s on a
100Mbit network, compared to 8MB/s with regular NFS on the same
network and same sufficiently powerful machines), but that may have
been a local configuration problem, fixed in more recent versions, or
irrelevant to your situation.

Woody and Sid should both have SFS packages already made, but those
packages ported back to Potato with minimal effort several months ago.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
Reply to: