NFS4 and remote access
J. Bruce Fields
bfields at fieldses.org
Wed Apr 18 16:17:30 EDT 2007
On Wed, Apr 18, 2007 at 09:14:33PM +0100, Ian Grant wrote:
> On Wed, 2007-04-18 at 16:03 -0400, Trond Myklebust wrote:
> > On Wed, 2007-04-18 at 20:45 +0100, Ian Grant wrote:
> > > Yes, we have had this working from within our own site, where we trust
> > > the machines we manage. I should have been more clear: I meant remote
> > > access from other institutions, cyber-cafe's etc. where we cannot
> > > necessarily trust anything beyond the ssh session. We don't want the
> > > user typing kinit and entering their kerberos key.
> >
> > If you don't trust the keyboard that you are using to type with, then
> > you cannot enter _any_ passwords that could be reused. The only way to
> > deal with that would be use-once passwords (including for the ssh
> > session itself).
>
> Yes. That is why we don't allow password-based ssh authentication. Just
> public keys.
So you're trusting their private ssh keys to the cybercafe machines that
they're logging on from?
--b.
More information about the NFSv4
mailing list