I have been a big fan of Kerberos and kerberized NFS. While Kerberized NFS provides granular per-message encryption (krb5p, krb5i, etc.) between the kerberized NFS client and kerberized NFS server (on a per-mount basis), what would be the additional advantages of deploying a kerberized NFS infrastructure as opposed to having a VPN tunnel between the NFS client and NFS server?
In other words, does a VPN tunnel between the NFS client system and NFS server system override the need to have a kerberized NFS infrastructure?
Any valued thoughts will help understand the choices a real-time deployment can make.
On 3/7/11 4:15 AM +0000 sandeep patil wrote:
> In other words does a VPN tunnel between NFS
> client system and NFS server system override the need to have a
> kerberized NFS infrastructure ?
No. The two are unrelated. Even though I authenticate to the VPN
(assuming it involves user-level authentication and said authentication
is strong), if you use "insecure" NFS I can impersonate (wrt NFS) any
user at will. *That* is the problem that kerberized NFS is fixing
and VPN does not change that.
krbdev mailing list [hidden email] https://mailman.mit.edu/mailman/listinfo/krbdev
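The point made in the reply above can be checked on a server. This is an added example, not part of the original thread: a Python audit that flags exports still accepting a non-Kerberos flavor, where the client asserts the user identity whether or not a VPN carries the traffic. It assumes Linux exports(5) syntax (default flavor `sys`, colon-separated `sec=` lists, `-opts` defaults); the sample file and the function names are constructed, and line continuations and quoted paths are not handled.

```python
import re

# Constructed sample /etc/exports content (not from the original thread).
SAMPLE_EXPORTS = """\
# home directories
/export/home    10.8.0.0/24(rw,sync,sec=krb5p)
/export/proj    10.8.0.0/24(rw,sync) build01(ro,sec=krb5i:sys)
/export/scratch -sec=krb5 10.8.0.0/24(rw) *.lab.example(rw,sec=sys)
/export/pub     (ro)
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}
# client spec with optional "(options)"; an empty client means "everyone"
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def sec_flavors(options, inherited):
    """Flavors permitted by an option string, else the inherited default."""
    for opt in options.split(","):
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return inherited


def audit_exports(text):
    """Return (path, client, flavors) for exports that accept a non-Kerberos flavor."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *fields = line.split()
        default = ["sys"]  # exports(5): AUTH_SYS when no sec= is given
        for field in fields:
            if field.startswith("-"):  # per-line default options
                default = sec_flavors(field[1:], default)
                continue
            m = CLIENT_RE.match(field)
            if not m:
                continue
            client, opts = m.group(1) or "*", m.group(2) or ""
            flavors = sec_flavors(opts, default)
            if any(f not in KRB_FLAVORS for f in flavors):
                findings.append((path, client, flavors))
    return findings


if __name__ == "__main__":
    for path, client, flavors in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: accepts {':'.join(flavors)}")
```

An export listing `sys` alongside a Kerberos flavor is still flagged, because the client chooses which permitted flavor to use.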