Re: Authenticating NFS users
On Sat, 2010-09-04 at 13:29 +0300, Sjoerd Hardeman wrote:
> Op 04-09-10 10:52, Tixy schreef:
> > I'm trying to set up NFS to use in a home made NAS and want to add some
> > form of server based authentication for access. All of the information I
> > can find seems to suggest using kerberos, is there a simpler alternative
> > that could do something like check a username+password?
> You can use NFS via a SSH or VPN tunnel.
I originally tried just using SFTP as that comes for free and requires
no setup. However the throughput was too low (5MB/s) due to maxing out
the CPU on the server machine (a SheevaPlug). I'm guessing VPN would
have similar CPU overheads.
> The reason that it is
> complicated is that when you authenticate to the server, you need also a
> ticket that tells the server you authenticated. Else you'd need to type
> your password every time you check a file on the NFS. Kerberos is a
> clean way of exactly doing that: handing out the tickets to track
> sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
> You can probably try some firewalling techniques for a simple
> a-little-less-easy access to the NFS.
Thanks for the explanation and suggestions. I beginning to question if I
actually need any authentication. The files stored on the NAS don't
contain sensitive data which isn't in encrypted files, and I have
backups in case of deletion. So the probability and risk of malicious
activity on my home network are very low.
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/\ Against HTML e-mail and proprietary attachments