From owner-freebsd-questions Mon Feb 28 9:57:23 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mta2.snfc21.pbi.net (mta2.snfc21.pbi.net [206.13.28.123]) by hub.freebsd.org (Postfix) with ESMTP id 264F937B8F6 for ; Mon, 28 Feb 2000 09:57:20 -0800 (PST) (envelope-from stevedav@pacbell.net) Received: from imram.net ([63.194.87.92]) by mta2.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.1999.09.16.21.57.p8) with ESMTP id <0FQN0028NJ5V9J@mta2.snfc21.pbi.net> for freebsd-questions@freebsd.org; Mon, 28 Feb 2000 09:56:19 -0800 (PST) Received: (from stevedav@localhost) by imram.net (8.9.3/8.9.3) id KAA24034 for freebsd-questions@freebsd.org; Mon, 28 Feb 2000 10:00:23 -0800 (PST) Date: Mon, 28 Feb 2000 10:00:23 -0800 (PST) From: Steve Davidson Subject: How do I use NFS with secureRPC as a FreeBSD client connecting to a Solaris server? To: freebsd-questions@freebsd.org Reply-To: stevedav@pacbell.net Message-id: <200002281800.KAA24034@imram.net> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Questions: How can I implement secureRPC for NFS between Solaris 7 and FreeBSD 3.4? How do I use NFS with secureRPC as a FreeBSD client connecting to a Solaris server? I want users to use 'keylogin' to establish their "publickeys", and use this to establish secureRPC connections to Solaris servers from freeBSD clients. Also, how do I serve NFS with secureRPC from FreeBSD? I have seen the "-kerb" option for Kerberos but nothing for secureRPC. Kerberos is not based the "publickey" database. Solaris supports four types of secureRPC services on NFS exports: From the "share_nfs" man page (Solaris 7): sec=mode[:mode]... Sharing will use one or more of the specified security modes. The mode in the sec=mode option must be a mode name supported on the client. [...] The security modes are defined in nfssec(5). [also...] secure This option has been deprecated in favor of the sec=dh option. Does FreeBSD support the "secure" (Diffie-Hellmen) mode? This seems to be the "classic" Sun secureRPC mechanism. From the "nfssec(5)" man page (Solaris 7): The mount_nfs(1M) and share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS file system through the sec=mode option. mode can be either sys, dh, krb4, or none. If the NFS connection uses the NFS Version 3 protocol, the NFS clients must query the server for the appropriate mode to use. [...] NFS clients may force the use of a specific security mode by specifying the sec=mode option on the com- mand line. However, if the file system on the server is not shared with that security mode, the client may be denied access. Background: FreeBSD secureRPC documentation is sparse. On the FreeBSD side I reviewed: rpc_secure(3) mount_nfs(8) mountd(8) exports(5) The Handbook and FAQ I found the the -kerb option in exports. I don't know if this uses the "publickey" NIS database -- I doubt it. stevedav@NOSPAM.pacbell.net (Remove the 'NOSPAM.') To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message