> > What's your suggestion to improve/secure my configuration? > > I already told you that you need a backport of the latest version of > libtirpc. The Version included in squeeze is broken. You recommended to use backports. As you now say the lib is broken things are different and I finally solved my problem. For those who face similar issues I sum up my last steps: - include squeeze-backports and upgrade nfs-common, nfs-kernel-server to version 1.2.4 and Linux kernel to 3.2 - replace portmap by rpcbind - install version 0.2.2 of libtirpc from unstable (forced new libc6) - remove pseudo root from /etc/exports - use AES keys for Kerberos Thanks to all for your helpful hints! :) regards knut ------ # dpkg -l ... ii libnfsidmap2 0.23-2 An nfs idmapping library ii nfs-common 1:1.2.4-1~bpo60+1 NFS support files common to client and server ii nfs-kernel-server 1:1.2.4-1~bpo60+1 support for NFS kernel server ii libgssrpc4 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - GSS enabled ONCRPC ii librpcsecgss3 0.19-2 allows secure rpc communication using the rpcsec_gss protocol ii libtirpc1 0.2.2-5 transport-independent RPC library ii rpcbind 0.2.0-4.1 converts RPC program numbers into universal addresses ii linux-image-3.2.0-0.bpo.1-686-pae 3.2.4-1~bpo60+1 Linux 3.2 for modern PCs -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
