[Info-vax] X86VMS SAMBA V4.10-16D
Matthew R. Wilson
mwilson at mattwilson.org
Thu May 23 21:15:17 EDT 2024
On 2024-05-17, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
> On Fri, 17 May 2024 22:14:52 -0000 (UTC), Matthew R. Wilson wrote:
>
>> On 2024-05-16, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>>
>>> On Wed, 15 May 2024 12:24:43 +0100, chrisq wrote:
>>>
>>>> ... nfs is the standard ...
>>>
>>> NFS requires too much trust between machines.
>>
>> NFS with Kerberos solves that ...
>
> But that still works with mounting an entire volume, and trusting to the
> mounting client to enforce filesystem protections, doesn’t it? It isn’t
> controlled on a per-user basis, like SMB is.
I don't think so; last I used it (it's been a while) between Linux and
MacOS X clients against a Solaris NFS server, it seemed like the server
was enforcing access permissions based on the user in the kerberos
ticket. (And a user who just logged in couldn't access any files on the
mounted NFS share even though other users could; the user had to run the
command to log in to the kerberos server and get their ticket, and after
a couple hours NFS would suddenly stop working for them if they didn't
refresh their individual ticket. Of course in a real deployment getting
the kerberos ticket when the user logs in would be automated and part
of, say, the PAM process and such. But the point is, I'm pretty sure it
was the NFS server on Solaris enforcing permissions based on the
kerberos ticket the user making the request held.)
-Matthew
More information about the Info-vax
mailing list