On Thu, Jan 24, 2013 at 07:28:04PM -0500, Thierry Moreau wrote:
Hi!
Hello Thierry,
Attempting to install an NFS server on a Crux 2.8 box, I notice from the Pkgfile that the configure options include --disable-gss (i.e. no Kerberos dependency) but including neither --disable-nfsv4 nor --disable-nsfv41 (thus presumably supporting NFS versions 4, 4.1).
This seem to imply a limited security model: wouldn't the kerberos model be the typical one for NFS version 4? Would the kerberos package be the only additional dependency with --enable-gss=yes (the default)?
No, you need libgssglue and librpcsecgss from the NFSv4 project [1] and not at least ldap for krb5. Sure, without kerberos NFSv4 is using the same host-based authentication than NFSv3 and the overall security depends on the security of the network connections.
Also, the kernel support of keys (CONFIG_KEYS in .config) might be required for an NFS version 4 server in either security model -- I'm not sure.
My only suggestion is that a short README file in ports/opt/nfs-utils could explain these two points. I am not confident enough to propose some text, sorry.
Good idea, will add a README to the port.
Best regards, and thanks again for the Crux distributions!
Glad to see that you like CRUX :) thanks for the report and best regards Juergen [1] http://www.citi.umich.edu/projects/nfsv4/linux/