NFS V2 Security

• underlying RPC protocol allows several different schemes for authentication

  • including Kerberos (!)
  • but not for the mount protocol

• in practice: only system based authentication

• no authentication of server to client

• permissions checked by numeric UID/GID

  • assumed to be equal on server and client

• protocol allows

  • “squashing” ID 0
  • readonly exports

Previous slide

Next slide

Back to first slide

View graphic version