[lpi-discuss] Re (snip) more personal opinion (on NFS)

Bryan J. Smith b.j.smith at ieee.org
Wed Oct 20 22:40:06 EDT 2004

On Wed, 2004-10-20 at 20:47, Matt Benjamin wrote:
> traditional NFS very much is less secure than alternatives.

When you compare a 10+ year design to the latest "alternatives," of
course.  But if you use something like SFS, which provides at least
system-level authentication as well, it can be quite sufficient.

Most advocates of CIFS/SMB ("Windows Networking") are not familiar with
_serious_limitations_ of it -- both for legacy as well as even as
ADS-implemented.  IPSec and SMB Signing were two PITAs that I've had
regular issues with at a Fortune 20 company that not even the on-site
Microsoft consultants could resolve (and they told us to disable them).

> This doesn't appear to be an issue with NFSv4--but the superiority of 
> NFSv4 isn't implementation trivia, either, its security is by design.

I'm not even getting into NFSv4, which addresses more of the user-level
authentication and authorization considerations.  Now combined with SFS
and system-level authentication, it's very sufficient in comparison to

This discussion is not trivial.  But the concepts presented on the LPIC-1
exams _are_.  The NFS concepts are basic enough that they are not only
applicable to NFS, but how UNIX/Linux platforms export and mount remote
filesystems -- which was my general argument.

Bryan J. Smith                                  b.j.smith at ieee.org 
"Communities don't have rights. Only individuals in the community
 have rights. ... That idea of community rights is firmly rooted
 in the 'Communist Manifesto.'" -- Michael Badnarik
