On Tue, 2004-09-14 at 09:45, Steve Coleman wrote: > John Hearns john.hearns-at-clustervision.com |fedora| wrote: > I was just basically saying to make sure security is thought about early > in the boot process, or at least as early as possible. I believe the best way to implement a security model here would be to add the authentication into the initrd. Some form of authentication could be done before the root filesystem is ever mounted, but NFS v3 is not a secure protocol. If NFS is being exported to a certain node, no amount of client-side authentication can stop someone from getting to a prompt and running the 'mount -t nfs' by hand. This pushes the security concerns onto the NFS server. I believe that NFS v4 has paid more attention to security details. -JE
