[OpenAFS] OpenAFS vs NFSv4?
Ted Anderson
TedAnderson@mindspring.com
Tue, 29 Apr 2003 08:59:17 -0400
On 4/28/2003 10:22, John Rudd wrote:
>>From: Ryan Underwood <nemesis-lists@icequake.net>
>>It seems that NFSv4 does two-way authentication,
> On a related line, does NFSv4's authentication apply only at mount
> time (like with kerberized NFS), or is it transaction and per-user
> oriented like AFS?
NFSv4 does provides real security for the RPC traffic using GSSAPI, so
you get a choice of various privacy and/or integrity options. Unlike
other advanced features of NFSv4, this one is mandatory (this type of
IETF paranoia is certainly one very good outcome of the hostile behavior
of NSA and DoD toward public use of encryption. The IETF is totally
adamant about this sort of thing). Required authentication options are
Kerberos 5 and LIPKEY (a client password, server public key certificate
arrangement).
So it is not just at mount time and is very much equivalent to AFS. And
better, of course, because it uses the GSSAPI standard and provides all
the modern encryption types.
Ted Anderson