From: "J. Bruce Fields" <bfields@fieldses.org>
To: Paul Jakma <paul@clubi.ie>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>,
seth vidal <skvidal@phy.duke.edu>,
hjl@users.sourceforge.net, nfs@lists.sourceforge.net
Subject: Re: NFSv4 daemons...
Date: Fri, 23 Jan 2004 11:20:18 -0500
Message-ID: <20040123162018.GC26511@fieldses.org>
In-Reply-To: <Pine.LNX.4.58.0401231453070.2140@fogarty.jakma.org>

On Fri, Jan 23, 2004 at 02:54:36PM +0000, Paul Jakma wrote:
> On Thu, 8 Jan 2004, Trond Myklebust wrote:
> > rpc.gssd is necessary if you want to use strong authentication (for
> > NFSv2/v3 as well as for NFSv4).
>
> Does this implement data stream encryption? (rpcsec as opposed to rpc
> auth? (possibly getting my jargon wrong here))

There are three levels of protection provided by rpcsec_gss, from
weakest to strongest:

	authentication only: the header of each rpc request is signed, so you
		know who sent the request.
	integrity: the body of each packet is also signed, so you know
		the request itself hasn't been tampered with.
	privacy: the body of each packet is encrypted, to prevent
		eavesdropping.

In the krb5 case, these are selected using mount options (sec=krb5,
sec=krb5i, or sec=krb5p). Mainline 2.6 currently supports the first of
these. Patches in -mm support integrity. But privacy hasn't been
implemented yet (it's been done before, there's bits and pieces of code
still lying around, it just needs some time and effort).

--Bruce Fields
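
An added example, not part of the original message or of any NFS project code: a small audit that reads mount entries in /proc/mounts format and reports which of the three protection levels described above each NFS mount uses. The function names, the `required` threshold and the sample entries are assumptions made for illustration, and it assumes the kernel reports the flavor as a `sec=` option in the mount options field.

```python
import re

# Protection levels as described in the message above, weakest to strongest.
KRB5_LEVELS = {
    "krb5": "authentication only",
    "krb5i": "integrity",
    "krb5p": "privacy",
}

# Constructed sample in /proc/mounts format (hosts and paths are made up).
SAMPLE_MOUNTS = """\
fs1.example.org:/home /home nfs4 rw,relatime,vers=4.0,sec=krb5p,hard 0 0
fs1.example.org:/scratch /scratch nfs rw,vers=3,sec=sys,hard 0 0
fs2.example.org:/proj /mnt/my\\040proj nfs4 rw,sec=krb5i 0 0
fs2.example.org:/pub /pub nfs ro,sec=krb5 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

def unescape(field):
    """Decode the octal escapes (e.g. \\040 for space) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit_nfs_mounts(text, required="krb5i"):
    """Return (mountpoint, sec flavor, level, meets_required) per NFS mount."""
    order = list(KRB5_LEVELS)            # krb5 < krb5i < krb5p
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue                     # skip non-NFS filesystems
        # Split "rw,sec=krb5p,hard" into {"rw": "", "sec": "krb5p", "hard": ""}.
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        flavor = opts.get("sec", "unspecified")
        level = KRB5_LEVELS.get(flavor, "not a krb5 flavor")
        ok = flavor in order and order.index(flavor) >= order.index(required)
        results.append((unescape(fields[1]), flavor, level, ok))
    return results

if __name__ == "__main__":
    # On a live host, pass open("/proc/mounts").read() instead of the sample.
    for mnt, flavor, level, ok in audit_nfs_mounts(SAMPLE_MOUNTS):
        print(f"{'ok  ' if ok else 'WEAK'} {mnt:<14} sec={flavor:<6} {level}")
```

With the default threshold of `krb5i`, mounts using `sec=krb5` or a non-krb5 flavor such as `sec=sys` are flagged, since neither signs the request body.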