Instance: linux Time: 15:01:00 Date: Tue Apr 15 1997 Host: tunafish From: 861130848
this isn't the guy who works with matt power is it?

Instance: linux Time: 15:01:14 Date: Tue Apr 15 1997 Host: small-gods From: ... a freshly fallen silent shroud of snow
Presumably it is.

Instance: linux Time: 15:01:25 Date: Tue Apr 15 1997 Host: tunafish From: 861130878
oh well.

Instance: linux Time: 15:13:47 Date: Tue Apr 15 1997 Host: small-gods From: ... a freshly fallen silent shroud of snow
I just looked at the guy's code (for the knfs thing) and he seems to have fixed the problem Matt found. You do have to have every remote user in the passwd file.

Instance: linux Time: 15:14:13 Date: Tue Apr 15 1997 Host: sakhmet From: "Wrote a little code."
context?

Instance: linux Time: 15:14:19 Date: Tue Apr 15 1997 Host: small-gods From: ... a freshly fallen silent shroud of snow
Read the zlogs.

Instance: linux Time: 15:14:41 Date: Tue Apr 15 1997 Host: small-gods From: ... a freshly fallen silent shroud of snow
Actually, that won't help you much. Read the linux-help or linux-announce discuss archives.

Instance: linux Time: 15:15:31 Date: Tue Apr 15 1997 Host: zygorthian-space-raiders From: Charles M. Hannum
Given how flaky it is *without* Kerberos...

Instance: linux Time: 15:15:56 Date: Tue Apr 15 1997 Host: small-gods From: ... a freshly fallen silent shroud of snow
Yeah, this is kind of an exercise in futility.

Instance: knfs Time: 17:01:31 Date: Tue Apr 15 1997 Host: zocalo From: me
So how secure is kerberized NFS? Can't someone just sniff an NFS packet, get a filehandle, then use it to access files as that user and host?

Instance: knfs Time: 17:02:20 Date: Tue Apr 15 1997 Host: maneki-neko.cygnus.com From: me
what do you mean by "kerberized NFS"? that describes at least 3 completely different things. Maybe 4.

Instance: knfs Time: 17:02:29 Date: Tue Apr 15 1997 Host: grover From: Matthew H. Power
or just use the IP address of a host that already has a mapping...

Instance: knfs Time: 17:02:40 Date: Tue Apr 15 1997 Host: rover.cygnus.com From: Marc Horowitz (zwrite marc@cygnus.com)
if you mean Sun's Secure NFS based on kerberos, it is woefully insecure. mit's kerberized nfs is worse.

Instance: knfs Time: 17:02:56 Date: Tue Apr 15 1997 Host: opus From: ... a freshly fallen silent shroud of snow
MIT Kerberized NFS is not secure in the face of filehandle guessing. It's really not very useful.

Instance: knfs Time: 17:02:57 Date: Tue Apr 15 1997 Host: zocalo From: me
I'm referring to the kerberized NFS for Linux's user-space NFS that davknav sent mail to linux-announce about.

Instance: knfs Time: 17:04:15 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
That KNFS implements MIT Kerberized NFS, which isn't very secure.. It doesn't protect against filehandle guessing attacks, nor does it defend against other active attacks. But it is compatible with Athena's 'attach'

Instance: knfs Time: 17:05:06 Date: Tue Apr 15 1997 Host: zocalo From: me
Ah. Ok. What I thought. This should probably be made clear in any docs of it as I'm sure lots of users may try to use it, equating kerberized to secure.... ;-)

Instance: knfs Time: 17:06:05 Date: Tue Apr 15 1997 Host: zygorthian-space-raiders From: Charles M. Hannum
In practice, few Kerberized applications are actually secure.

Instance: knfs Time: 17:06:06 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
It's more secure than non-kerberized NFS... At least the 'mount' is authenticated and a kerberos mapping is created.

Instance: knfs Time: 17:06:53 Date: Tue Apr 15 1997 Host: opus From: ... a freshly fallen silent shroud of snow
"a kerberos mapping is created"? What does that mean?

Instance: knfs Time: 17:07:15 Date: Tue Apr 15 1997 Host: zygorthian-space-raiders From: Charles M. Hannum
(For example, Cygnus's own Kerberized CVS has the standard `authenticate only at the beginning' lose...)

Instance: knfs Time: 17:07:19 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
kerberos principal -> NFS ID mappings

Instance: knfs Time: 17:07:23 Date: Tue Apr 15 1997 Host: zocalo From: me
It just uses kerberos to add pairs to the ACL on the nfs server, right?

Instance: knfs Time: 17:07:47 Date: Tue Apr 15 1997 Host: opus From: ... a freshly fallen silent shroud of snow
Uh, it merely sets up a -> local uid mapping.

Instance: knfs Time: 17:08:27 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
It should at least compare the IP address in the kerberos tickets against the claimed-host in the NFS mapping.

Instance: knfs Time: 17:09:59 Date: Tue Apr 15 1997 Host: maneki-neko.cygnus.com From: me
I'm not sure -- I thought it allowed "proxy" requests, actually.

Instance: knfs Time: 17:10:29 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
Proxy-requests? What do you mean?

Instance: knfs Time: 17:11:33 Date: Tue Apr 15 1997 Host: maneki-neko.cygnus.com From: me
authenticate, then enable mappings for a different host. (from back when the code hadn't been widely ported.)

Instance: knfs Time: 17:12:59 Date: Tue Apr 15 1997 Host: bill-the-cat From: The Warlord
Umm, I don't think that mode is supported.. Besides, the client code is simple -- it's the server that has the problem