Simo Sorce wrote: It's a MITM setting. Suppose you have 2 servers: secure.server.name where you store confidential documents public.server.name where everyone have access for reading (and you can write) If you mount -t nfs secure.server.name/export and rely on PTR records and an attacker can spoof your PTR request to return public.server.name you will end up acquiring a ticket for public.server.name from the KDC. Then the attacker will redirect your mount to public.server.name all the while you think you have mounted secure.server.name Now anything you copy there goes to a public server instead of your secure server. Now imagine your secure server is a backup server which gets mounted by a cron job every night for backups of sensitive information. I guess what you're saying is that the client might not know the full name of the secure server, and could be tricked into thinking it's public.server.name. That's not what I'd call mitm; kerberos is pretty much immune to mitm. It's not really a dns mitm either, it's a spoofed reply. I would be in favor of requiring kerberized nfs clients to know the full name of the server they're trying to connect to. Kerberized nfs clients should not be relying on dns for any part of their security. But I guess we haven't been doing that, and to make that a requirement now would be a compatibility problem. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
