linux file sharing

Derek Atkins warlord at MIT.EDU
Sun Oct 28 11:37:36 EST 2001 

Take a look at OpenAFS (www.openafs.org).  It uses Kerberos to
authenticate users to the file system, provides per-directory access
controls (much finer-grain types of ACLs than Unix acls), and even
encrypts on-the-wire data transfers.

-derek

Ron Peterson <ron.peterson at yellowbank.com> writes:

> When discussing the barriers to Linux's widespread adoption on the
> desktop, the usual discussion revolves around application compatibility
> with MS Office.
> 
> There's another problem though, I think.  I'm hoping that it's only my
> own ignorance, but I can't concieve of a way to /securely/ provide
> centralized file sharing to Linux desktops.  At least not in a way that I
> could easily maintain across a multitude of desktops.
> 
> NFSv2 and v3 are both insecure.  If the client computer is on my desktop,
> I can reinstall Linux, give myself root, and then connect as any user I
> want.  Samba's smbmount can prompt for a password, but not if you use
> autofs.  This is the best solutions I can think of so far, particularly if
> combined with SSL.
> 
> I really prefer autofs, however, as it allows a simple expression like
> 
> *	hostname:/path/to/home/&
> 
> to fill in for all users (nfs example, but you get the idea).  I.E. - easy
> maintenance on the client side.  However, autofs will not prompt for
> passwords.  So the aforementioned catchall config line doesn't work, and
> you need to maintain individual user records containing usernames and
> passwords in plain text.
> 
> Is there a way to out of this quandry that I'm not aware of?  NFSv4 seems
> to recognize and address these concerns.  However, there only appear to be
> two open implementations: a kernel level client and server at umich
> (http://www.citi.umich.edu/projects/nfsv4/), and a userspace client and
> server being developed by the Samba folks (http://n4.samba.org).  both
> projects, however, appear to be in the very early stages of development.
> 
> Is there other solutions to this problem that I'm not thinking of?
> 
> -- 
> 
> -Ron-
> https://www.yellowbank.com/
> 
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the Discuss mailing list