[2760] in Kerberos
Re: Kerberized NFS...
daemon@ATHENA.MIT.EDU ("Mark W. Eichin")
Wed Jul 21 16:04:44 1993
Date: Wed, 21 Jul 93 15:50:15 EDT
From: eichin@Athena.MIT.EDU ("Mark W. Eichin")
To: "Jon A. Rochlis" <jon@GZA.COM>
Cc: cmetz@bdmserver.mcl.bdm.com (Craig Metz), kerberos@Athena.MIT.EDU
In-Reply-To: "[2757] in Kerberos"
>> What performance loss and CPU overhead? The Athena Kerberized NFS on
>> authenticates at mount time. That cost is minimal. To do more would

But the authentication is independent of the mount -- it sets
up remoteuid+host->uid mappings; the problem, there, is that most
(all?) in-kernel NFS implementations don't have any support for these
mappings, so if you don't have kernel+NFS sources, your alternative is
a user-mode NFS server which implements the mappings directly.
User-mode NFS servers tend to be slow *without* any changes...

Solaris 2 has NFS with "strong authentication" (i.e. Kerberos)
at mount time *and* per-packet (some kind of token) but I don't
believe a spec has been published (if you want me to believe, send me
a copy or a pointer.) I haven't heard of any compatible
implementations.

_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>