On Mon, 2011-06-06 at 14:51 -0400, Dan wrote:
> On Sun, Jun 5, 2011 at 9:30 PM, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> > On Sun, Jun 5, 2011 at 5:38 AM, Simon Brandmair <sbrandm...@gmx.net> wrote:
> >> Hi,
> >>
> >> On 3/6/2011 19:50 Axel Freyn wrote:
> >> [...]
> >>> For NFSv4 this has changed. You can use NFSv4 in different modes. The
> >>> easy one has the same problem.
> >
> > NFSv4 is a giant pain in the keister, not worth the headaches. The
> > NFSv4 access published from an actual Linux or other NFSv4 capable
> > service can be published, it can be passed along via Samba to CIFS
> > clients, but the CIFS clients cannot *see* or manipulate the NFSv4
> > permissions due to incompatibilities between the two ownership
> > models, and due to the Samba code for this being "spaghetti code".
> > (http://samba.2283325.n4.nabble.com/viewing-if-not-editing-NFSv4-ACL-s-from-Samba-shares-td2417666.html).
> >
> > Overall, NFSv4 has proven itself destabilizing and useless in small
> > and large environments. It takes a significant investment in complex
> > infrastructure, and the security benefits have proven to be illusory
> > in the face of clients who *insist* on making their home directories
> > publicly accessible, clients who use password free SSH keys, or
> > clients who store passwords in source controlled software with no
> > access control. (I've run into all of these in environments that spent
> > useless years pursuing the "security" of NFSv4 and ignoring gaping
> > holes in infrastructure security.)
>
> Yes, I read the documentation for Kerberos and it seems to be too
> complicated. I think that it is an overkill to connect to computers.
> In my case the LAN is the whole University and it is very easy to
> spoof an IP, I checked that. So NFSv3 might not be such a good idea.
>
> How about NFSv3 over a ssh tunnel? That should be easy to implement. I
> compared the transfer of a file of 700Mb between scp (encrypted) and
> samba not encrypted, and the result is:
> -scp: 38 seconds, and 25% of overhead in one of the 4 cores of the computer
> -samba: 18 seconds and no overhead
>
> So in my case I think it can be acceptable to do a ssh tunnel as most
> of the times most of the cores of the computer are not used and there
> is not a big traffic of data. Are there other disadvantages of using a
> ssh tunnel?
<snip>

Hmm . . . if you are going to go that route, how about sshfs? Again, I
don't know a great deal about it but that is how we transfer files
securely in the X2Go remote desktop project (www.x2go.org) - John