On 12/01/2011 04:58 PM, John Hodrien wrote:
On Thu, 1 Dec 2011, Ondrej Valousek wrote:
> And how does it affect security? Easily - if you declare nfs/ UPN principal
> for deneb and nfs/ SPN principal for polaris, you making sure that only
> polaris can be used as a NFS server and deneb as a NFS client and not
> vice-versa.
NFS is a freaky oddity though. You've done nothing to stop me running pretty
much any other service I like.
jh
Kerberos can not protect you against a malicious root, but it can very well protect you
against a malicious user. So if you are a common
user, it is very easy to lock the system down the way so you have to use say NFS/Kerberos
or nothing else.
That's a different story though...