[Samba] Setting up ADS in Samba with MIT kerberos mapping/backend
John Hodrien
johnh at comp.leeds.ac.uk
Wed Mar 19 14:19:47 GMT 2008
On Wed, 19 Mar 2008, Pat Riehecky wrote:
> Don't use NFS. It is trivial to compromise the security of NFS - you
> simply need root on something, set your IP and su as needed. If the
> tactic is not clear poke me off list. NFS is never the answer outside
> of the data center.
Let's not unfairly slag off NFS here. Yes, NFS when configured to use
AUTH_SYS trusts the client machine. But if you used krb5 with nfs it's a
whole different ball game. Yes it's often not used in that way, but it worked
with NFSv3, and it works with NFSv4.
There are far cleverer criticisms you can have of NFSv3 than that.
jh
--
"An occupation is wrong, building a wall around these people is wrong,
shooting children for throwing stones is wrong, stealing peoples land is
wrong - that's not very complicated at all" -- Norman Finklestein
More information about the samba
mailing list