- 论坛徽章:
- 15
|
man nfs
SECURITY CONSIDERATIONS
NFS servers control access to file data, but they depend on their RPC implementation to provide authentication of NFS requests. Traditional NFS access control mim-
ics the standard mode bit access control provided in local file systems. Traditional RPC authentication uses a number to represent each user (usually the user's
own uid), a number to represent the user's group (the user's gid), and a set of up to 16 auxiliary group numbers to represent other groups of which the user may be
a member.
Typically, file data and user ID values appear unencrypted (i.e. "in the clear" on the network. Moreover, NFS versions 2 and 3 use separate sideband protocols for
mounting, locking and unlocking files, and reporting system status of clients and servers. These auxiliary protocols use no authentication.
In addition to combining these sideband protocols with the main NFS protocol, NFS version 4 introduces more advanced forms of access control, authentication, and
in-transit data protection. The NFS version 4 specification mandates NFSv4 ACLs, RPCGSS authentication, and RPCGSS security flavors that provide per-RPC integrity
checking and encryption. Because NFS version 4 combines the function of the sideband protocols into the main NFS protocol, the new security features apply to all
NFS version 4 operations including mounting, file locking, and so on. RPCGSS authentication can also be used with NFS versions 2 and 3, but does not protect their
sideband protocols.
The sec mount option specifies the RPCGSS security mode that is in effect on a given NFS mount point. Specifying sec=krb5 provides cryptographic proof of a user's
identity in each RPC request. This provides strong verification of the identity of users accessing data on the server. Note that additional configuration besides
adding this mount option is required in order to enable Kerberos security. Refer to the rpc.gssd( man page for details.
Two additional flavors of Kerberos security are supported: krb5i and krb5p. The krb5i security flavor provides a cryptographically strong guarantee that the data
in each RPC request has not been tampered with. The krb5p security flavor encrypts every RPC request to prevent data exposure during network transit; however,
expect some performance impact when using integrity checking or encryption. Similar support for other forms of cryptographic security (such as lipkey and SPKM3) is
also available.
The NFS version 4 protocol allows clients and servers to negotiate among multiple security flavors during mount processing. However, Linux does not yet implement
such negotiation. The Linux client specifies a single security flavor at mount time which remains in effect for the lifetime of the mount. If the server does not
support this flavor, the initial mount request is rejected by the server. |
|
免费注册
发表于 2014-06-23 15:39
