Host based authentication
Ian Grant
Ian.Grant at cl.cam.ac.uk
Fri Apr 20 07:10:38 EDT 2007
On Thu, 19 Apr 2007 15:21:44 -0400
"J. Bruce Fields" <bfields at fieldses.org> wrote:
> On Thu, Apr 19, 2007 at 10:28:14AM +0100, Ian Grant wrote:
> > What I was asking about is whether there is a way to get an NFSV4
> > server to trust the clients and allow all privs to user's files,
> > but only when the client machine can supply machine credentials. So
> > it's host-based authentication, but with machine credentials
> > instead of just by IP address.
>
> I suppose you could run non-kerberized NFS over ipsec or ssh tunnels
> or something. That seems like roughly the same security model.
I don't think that would help.
This came up because of ssh tunnels. With e.g. a Netapp filer with
NFSV4 enabled, any user who has ordinary (i.e. user-level, not root)
access to a client host trusted for auth-sys can masquerade as any
other user with full privileges, as far as the server is concerned. All
they need to do is tunnel NFSV4 over an ssh connection through the
trusted host. Then on the untrusted host, all they need is a user with
the same login name. It's very easy to set this up. If the NFSV4 server
checked machine credentials before granting auth-sys access then it
would be much more tricky.
More information about the NFSv4
mailing list