Re: when will we be able to use LIPKEY on NFS4 on Linux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-09-27 at 16:35 +0800, Zhang Weiwu wrote:
> Hello.
> 
> Quote from 2006 article:
> http://www.ibm.com/developerworks/systems/library/es-nfs-security/index.html#N100AF
> 
>     In /a few years/, NFS Version 4 implementations will start claiming
>     support for the public key-based security mechanism (SPKM and LIPKEY).
> 
> 
> My question:
> 
>    1. Is LIPKEY already implemented in some NFS4 implementation?
>       Particularly, I am interested using it on Debian Linux.
>    2. I could not manage to find a how-to on using LIPKEY, e.g. where to
>       store the public key and certificates, where to configure
>       username/password for client authentication. Is there one existing?
> 
> Thanks in advance!

We're likely to drop the requirement that SPKM3/LIPKEY be a mandatory
security mechanism for NFSv4 in the revised RFC3530 (a.k.a. RFC3530bis)
that is being drafted.

The reason is that the SPKM3 mechanism (on which LIPKEY relies) appears
to contain inherent security flaws that are difficult to fix. The IETF
security group have therefore pretty much killed it as an option.
Other alternatives to SPKM3 are being discussed, but I'm not aware of
anything that replaces LIPKEY.

Cheers
  Trond

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux