NFS security (was Re: Complex security mechanism is unsecure)

[Jim Hutchison]

Masataka Ohta and John F. Haugh Jr. have carried on a protracted discussion
of the root==nobody versus security problem.  Well as we all know, having a
mysterious root from workstation X making modifications *without permission*
is just not a good thing.  Hence "foreign" root == nobody.

>From there we've observed that daemon and uucp are not all that great to get
from workstation X either.

This issue has been addressed by the folks over at MIT where everyone can
(atleast did) log into lab workstations as root.  For a discussion of
Kerberos and how it works with NFS, please go to comp.protocols.kerberos.
Kerberos may or may not be LAN specific, but it is one solution to passing
User Identification over the network.

Sun has done some work with secure RPC using a method similar to Kerberos
(to my eyes) which provides network-to-local uid translation.

Both methods include windows in which the key(s) are valid, and both use up
valuable system resources providing the services you folks have requested.
Both are interesting solutions to a tough problem resulting from a complex
system of user identification.

Certainly the system could be made simpler if I could not write to remote
files, but then I wouldn't be doing my work.  That would lead to my being
fired and becoming a beach comber.  Hmmm, we may be on to something here. :-)
--
-
Jim Hutchison		{dcdwest,ucbvax}!ucsd!fps!hutch
Disclaimer:  I am not an official spokesman for FPS computing