Re: IPSEC and NFS
While NFS is broken in that it currently depends on client machines to
represent uid, I can think of two ways to fix this, one of which isn't
too hard.

The first way is very similar to how 'kerberized NFS' worked at MIT
Athena.  It's fairly easy to add a uid mapping table to an NFS server,
so that incoming 'ip addr, uid' values are mapped to something else.
One could accept authenticated requests to add mappings, but make the
left hand side be 'SA bundle, uid', rather than 'ip addr, uid'.  This
way, the NFS request would have to be IPSEC-authenticated.  This could
be made to work with per-host keying for the SA bundle protecting the
data traffic, but still require per-user keying to authenticate the
request to install the mapping.  This would allow reasonable behavior
from hosts completely under a user's control (they can access their
own files) and also reasonable behavior from multi-user systems.

The next way is to require that the SA bundle in the mapping be
per-user keying.  This would require changing client filesystem
implementations to use a different SA for each user.  For UDP this
might be doable easily, but for NFS over TCP I suspect a separate TCP
connection might be required per user.

        Greg Troxel <gdt@ir.bbn.com>
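The first scheme above, the mapping table keyed on (SA bundle, uid) whose entries may only be installed over a per-user SA, as an added model in Python (not code from the post or from any NFS or IPsec implementation); the SA fields, the ACCOUNTS table and the install_mapping/resolve names are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SA:
    """An IPsec SA as the NFS server sees it (constructed model, not a real API)."""
    spi: int
    peer_ip: str
    principal: Optional[str] = None   # set only for per-user keying

@dataclass(frozen=True)
class NfsRequest:
    src_ip: str
    uid: int                          # uid asserted by the client
    sa: Optional[SA]                  # None: packet was not IPsec-protected

# Constructed sample: which server uid each authenticated principal owns.
ACCOUNTS = {"alice": 5001, "bob": 5002}

class UidMapper:
    """uid mapping table keyed by (SA bundle, client uid) instead of (ip addr, uid)."""

    def __init__(self):
        self._table = {}              # (spi, peer_ip, client_uid) -> server_uid

    def install_mapping(self, auth_sa, data_sa, client_uid, server_uid):
        """Add a mapping.  The install request must arrive over a per-user SA
        whose principal owns server_uid; the data SA may be per-host keyed."""
        if auth_sa.principal is None or ACCOUNTS.get(auth_sa.principal) != server_uid:
            return False
        self._table[(data_sa.spi, data_sa.peer_ip, client_uid)] = server_uid
        return True

    def resolve(self, req):
        """Return the server uid for an NFS request, or None if it must be refused."""
        if req.sa is None:
            return None               # not IPsec-authenticated: never trust the uid
        return self._table.get((req.sa.spi, req.sa.peer_ip, req.uid))

def demo():
    host_sa = SA(spi=0x1001, peer_ip="10.0.0.7")                      # per-host keying
    alice_sa = SA(spi=0x2001, peer_ip="10.0.0.7", principal="alice")  # per-user keying
    m = UidMapper()
    assert m.install_mapping(alice_sa, host_sa, client_uid=1000, server_uid=5001)
    # A per-host SA cannot install a mapping, and alice cannot map onto bob's account.
    assert not m.install_mapping(host_sa, host_sa, 1000, 5001)
    assert not m.install_mapping(alice_sa, host_sa, 1000, 5002)
    return [
        m.resolve(NfsRequest("10.0.0.7", 1000, host_sa)),                # 5001
        m.resolve(NfsRequest("10.0.0.7", 1000, None)),                   # None: cleartext
        m.resolve(NfsRequest("10.0.0.7", 1000, SA(0x3001, "10.0.0.9"))), # None: other SA
    ]
```

The third lookup shows the point of keying on the SA: a request carrying the same source address and uid but arriving over a different bundle finds no entry.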