Bull GNU/Linux NFSv4 project

NFSv4 security

Test

This was not originaly a test. When setting up a Kerberised NFSv4 configuration, I note the client's administrator does not need any valid ticket to mount a remote filesystem

After asking the developpers, this was done by design to help development. However, I will pubish soon a method to disable this behaviour.

Conclusion

Beaware!

Software configuration

Server :

Export options are : /export <gssd/krb5>(rw,wdelay,insecure,no_root_squash,no_subtree_check,fsid=0)

mount options, NFSv4 : rsize=32768,wsize=32768,timeo=14,intr,noauto -osec=krb5
Linux 2.6.12-rc3-CITI_NFS4_ALL-1

hardware configuration

Client

2 processors : Intel(R)
Xeon(TM) CPU 2.80GHz, cache 512 KB
Total memory: 2Gb
Ethernet: 1Gb/s link
Distribution : modified Fedora Core 2

Server

4 processors : Intel(R) Xeon(TM) CPU 2.80GHz, cache 512 KB
Total memory: 24Gb
Ethernet: 1Gb/s link
Distribution : modified Fedora Core 2

Tests summary

This page is not displayed correctly? Please, use a browser written on this century

Page maintained by: Vincent Roqueta		Accessed times since its creation.
	Last update: 2005, September 23