On Sat, 2010-09-04 at 13:29 +0300, Sjoerd Hardeman wrote:
> Op 04-09-10 10:52, Tixy schreef:
> > I'm trying to set up NFS to use in a home made NAS and want to add some
> > form of server based authentication for access. All of the information I
> > can find seems to suggest using kerberos, is there a simpler alternative
> > that could do something like check a username+password?
> You can use NFS via a SSH or VPN tunnel.
I originally tried just using SFTP as that comes for free and requires
no setup. However the throughput was too low (5MB/s) due to maxing out
the CPU on the server machine (a SheevaPlug). I'm guessing VPN would
have similar CPU overheads.
> The reason that it is
> complicated is that when you authenticate to the server, you need also a
> ticket that tells the server you authenticated. Else you'd need to type
> your password every time you check a file on the NFS. Kerberos is a
> clean way of exactly doing that: handing out the tickets to track
> sessions. SSH and VPN tunnels basically do the same: keep a lasting session.
> You can probably try some firewalling techniques for a simple
> a-little-less-easy access to the NFS.
Thanks for the explanation and suggestions. I beginning to question if I
actually need any authentication. The files stored on the NAS don't
contain sensitive data which isn't in encrypted files, and I have
backups in case of deletion. So the probability and risk of malicious
activity on my home network are very low.
--
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/\ Against HTML e-mail and proprietary attachments
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1283599589.2464.32.ca...@computer2.home
