[TriLUG] Network file system.

Tanner Lovelace lovelace at wayfarer.org
Fri Aug 23 09:22:24 EDT 2002


On Fri, 2002-08-23 at 08:35, Ben Simpson wrote:
> Is there a network file system that is safe (or safer) to use than NFS?  And
> has anyone set that up in a real-world environment?

You can actually increase the security of NFS by pairing it
with Kerberos.  I've never actually done it myself, but I've
seen it mentioned in the docs.

Alternatively, you could try AFS.  It's very secure, uses
Kerberos 4 (or its own version of Kerberos) and works well, even
on WAN links.  Disadvantages are, though, that it's fairly
complex to set up and you need a large amount of disk space
because it caches disk requests.

Coda is the follow-on to AFS.  It pretty much supports everything
AFS does but adds disconnected operation.  That is, if you
unhook your laptop from the net, you can still access network
drives.  As you might expect, this can also take significant
disk space.

Intermezzo is an attempt to get similar results as Coda, but
in a more user-friendly system.  It has disconnected operation,
uses ext3 as the underlying filesystem (unlike AFS and Coda,
which use their own setup, iirc) and is standard in the Linux
kernel.  Other than that, I don't know much about it.

Samba is the Windows file system protocol.  When it was first
deployed, Windows sent passwords as clear text.  That hasn't
been the case for a while, though, but a side effect of not
doing clear text passwords means you have to keep a separate
password database just for Samba.  You might be able to integrate
it with Kerberos, but I'm not sure about that.

If I were advising you, I'd first suggest looking at NFS with
Kerberos, primarily because NFS is so easy to set up.  If that
doesn't meet your security needs, I'd probably suggest AFS, since
it's the most mature filesystem on this list.  Unfortunately, it's
also the hardest to set up.  If you're going to set up AFS, I'd
suggest trying to find someone at either UNC, Duke, or State
who's done it before (they all run AFS).  I've set up Coda once
before and my impression was that it wasn't quite ready for
prime time. :-(

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
          Si hoc legere scis, nimium eruditionis habes.



