Date: Thu, 25 Sep 2003 12:37:13 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: "David G. Andersen" <danderse@cs.utah.edu> Cc: freebsd-security@freebsd.org Subject: Re: unified authentication Message-ID: <Pine.NEB.3.96L.1030925123616.50146N-100000@fledge.watson.org> In-Reply-To: <20030925100650.B80664@cs.utah.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 25 Sep 2003, David G. Andersen wrote: > > The Arla client used to work quite well, and probably still works quite > > well on 4.x. I'm not sure of the status of Arla on 5.x. It sounded like > > Tom Maher had the OpenAFS server code up and running on FreeBSD, so you > > should at least have access to a pair of AFS client/server that work. > > If the client machines are semi-trusted, SFS is a good solution. > I don't know that its authentication is integrated with kerberos, > but the security model is at least stronger than NFS: Root on a > client machine could gain access to users accounts if they accessed > them from that machine, but not to accounts that merely were OK > to export to that machine. > > http://www.fs.net/ And one of the very nice things about the SFS implementation is that it plugs into loop-back NFS on the client, so you don't need special kernel changes, which is what has made the OpenAFS and Arla stuff so difficult. On the other hand, there's presumably the expected observable performance difference... Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030925123616.50146N-100000>