[Samba] Setting up ADS in Samba with MIT kerberos mapping/backend
James Pulver
jmp242 at mail.lepp.cornell.edu
Wed Mar 19 14:31:49 GMT 2008
Instead of discussing NFS too much, does anyone have a way to make this
work with Samba, or am I out of luck, and do have to try a different
filesystem?
OT: Why can't mailing lists have reply go to the list?
--
James Pulver
Information Technology Area Supervisor
LEPP Computer Group
Cornell University
John Hodrien wrote:
> On Wed, 19 Mar 2008, Pat Riehecky wrote:
>
>> Don't use NFS. It is trivial to compromise the security of NFS - you
>> simply need root on something, set your IP and su as needed. If the
>> tactic is not clear poke me off list. NFS is never the answer outside
>> of the data center.
>
> Let's not unfairly slag off NFS here. Yes, NFS when configured to use
> AUTH_SYS trusts the client machine. But if you used krb5 with nfs it's a
> whole different ball game. Yes it's often not used in that way, but it
> worked
> with NFSv3, and it works with NFSv4.
>
> There are far cleverer criticisms you can have of NFSv3 than that.
>
> jh
>
More information about the samba
mailing list