[Samba] Setting up ADS in Samba with MIT kerberos mapping/backend
Adam Tauno Williams
adamtaunowilliams at gmail.com
Wed Mar 19 13:58:45 GMT 2008
> Don't use NFS. It is trivial to compromise the security of NFS - you
> simply need root on something, set your IP and su as needed. If the
> tactic is not clear poke me off list. NFS is never the answer outside
> of the data center.
I don't believe this is true. For one, NFS can squash root access. And
NFSv4 supports Kerberos authentication.
<http://www.freesoftwaremagazine.com/columns/securing_nfs>
<http://nfsworld.blogspot.com/2006/02/real-authentication-in-nfs.html>
I'm not advocating NFS, just pointing out that the NFS-is-insecure
arguement isn't true in a Kerbized network.
--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
More information about the samba
mailing list