(nohats.ca)

266 points longwave | 4 comments | 25 Jan 16 11:21 UTC | HN request time: 2.606s | source

Show context

Hello71 ◴[25 Jan 16 13:38 UTC] No.10967064[source]▶

>>10966571 (OP) #

> NFS ran in plaintext and used the sender’s IP address for authentication

and it still does

replies(2): >>10967085 #>>10967370 #

1. markild ◴[25 Jan 16 13:43 UTC] No.10967085[source]▶

>>10967064 #

There are solutions though[1]

[1]: https://wiki.debian.org/NFS/Kerberos

replies(1): >>10967510 #

2. pjc50 ◴[25 Jan 16 15:04 UTC] No.10967510[source]▶

>>10967085 (TP) #

Actually getting Kerberos+NFS to work is a huge pain, though. Then there's the consideration of userid mapping.

replies(1): >>10967774 #

3. toast0 ◴[25 Jan 16 15:48 UTC] No.10967774[source]▶

>>10967510 #

Userid mapping is easy: Centrally manage the password file, so you don't need to map. Anything else is madness; hopefully you figure this out early, it is painful to fix later.

replies(1): >>10972319 #

4. gm3dmo ◴[26 Jan 16 07:37 UTC] No.10972319{3}[source]▶

>>10967774 #

Too right. The madness arrives when you have to retrofit the mapping and people have used different uid numbers for the same user and different users have the same uid across machines.

↑

Why the Sun 2 has a message “Love your country, but never trust its government”