Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> NFS seems like the easiest option but its ancient and insecure over the network.

r.e. old: nfsv4 is a different beast than nfs3;

r.e. secure: these things don't hold true with krb5 auth.



Wikipedia says v4 came out in 2000 and a search for encryption on the page shows no results.

sftp gives you really good key based authentication and encryption over the network. I wouldn't trust NFS for anything other than a highly secure internal network.


Mount with sec=krb5p and you get encryption (the p is short for Privacy).


>a search for encryption on the page shows no results

https://wiki.debian.org/NFS/Kerberos

krb5p is pretty secure. You just need a Kerberos implementation. The alternative is to run NFS over Stunnel, which is what Amazon does for EFS.


It's still not link layer encrypted, IIRC?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: