
Re: Authenticating NFS users



On 9/4/2010 5:29 AM, Sjoerd Hardeman wrote:
> On 04-09-10 10:52, Tixy wrote:
>> I'm trying to set up NFS to use in a home made NAS and want to add some
>> form of server based authentication for access. All of the information I
>> can find seems to suggest using Kerberos, is there a simpler alternative
>> that could do something like check a username+password?
> You can use NFS via an SSH or VPN tunnel. The reason that it is
> complicated is that when you authenticate to the server, you need also a
> ticket that tells the server you authenticated. Else you'd need to type
> your password every time you check a file on the NFS. Kerberos is a
> clean way of exactly doing that: handing out the tickets to track
> sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
> You can probably try some firewalling techniques for a simple
> a-little-less-easy access to the NFS.
>
> Sjoerd


Well, on a non-public-facing NFS, /etc/exports would do the trick for which hosts can mount what. There is also auth_sys, but that relies on a sort of trust ring really. As far as SSH tunneling goes, it's an unnecessary overhead if it's not a public network or public-facing network (on the entire network). If it's not public-facing and has wifi or people you can't trust who access it, I would then look into stream encryption. Normally in a cheapo situation I would have a public non-public NIC where the NAS server is on the non-public end tied to a switch and the public end (all computers but the NAS server) is simply tied to a router on the first NIC.
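
An added example, not part of the original message: a small audit of an exports(5)-style file for the host-restriction approach mentioned above, flagging entries that end up open to every host. The sample file, its paths and addresses are constructed, and the parser assumes export paths without quoted spaces.

```python
import re

# Export options worth a second look on a home NAS (option names from exports(5)).
RISKY_OPTS = {
    "no_root_squash": "client root keeps root on the export",
    "insecure": "requests from unprivileged source ports are accepted",
}
# A client field is "host", "host(opts)" or a bare "(opts)".
SPEC = re.compile(r"(\S*?)(?:\(([^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, issue) tuples for exports(5)-style text."""
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        # A field starting with "-" sets default options, it is not a client.
        specs = [s for s in specs if not s.startswith("-")]
        if not specs:
            findings.append((path, "*", "no client listed, exported to every host"))
        for spec in specs:
            host, opts = SPEC.match(spec).groups()
            if host == "":
                # "(rw)" on its own, typically a stray space after the host name.
                host = "*"
                findings.append((path, host, "options not attached to a host, apply to every host"))
            elif host == "*":
                findings.append((path, host, "wildcard client, exported to every host"))
            for opt in (opts or "").split(","):
                if opt in RISKY_OPTS:
                    findings.append((path, host, f"{opt}: {RISKY_OPTS[opt]}"))
    return findings

# Constructed sample file, not taken from the thread.
SAMPLE = """
/srv/media   192.168.1.0/24(ro,sync)
/srv/backup  192.168.1.10 (rw,sync)
/srv/home    192.168.1.10(rw,sync,no_root_squash)
/srv/public  *(ro)
"""

if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE):
        print(f"{path} [{client}]: {issue}")
```

The `/srv/backup` line is the case to watch: the space before `(rw,sync)` detaches the options from `192.168.1.10`, so they apply to all hosts instead.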

