Not sure what you were originally after but I came across this the other day
http://fuse.sourceforge.net/sshfs.html
- Linden.
J.C. Roberts wrote:
On Tuesday 17 July 2007, Edd Barrett wrote:
HI,
On 17/07/07, J.C. Roberts <[EMAIL PROTECTED]> wrote:
Hi Edd,
I was curious if you ever found a decent answer for your question
on secure network file systems?
Not really. I have signed up for free academic licenses of sharity
(not light), as sharity-light seemed to be sketchy on file
permissions last time i tried it. It will do for now, but in a
business situation it would be a VERY expensive solution. At least it
has authentication.
Linux has some userland SSH mounting facilities, it appears we have
no equivalent.
I have looked at forwarding the NFS/NIS over a ssh tunnel (ssh -L),
but i do not see an option for mount_nfs that allows you to specify
the mountd port, so this is not possible.
It is possible. How to configure the mount port is in the man page for
mount_nfs(8). Each of the various mount_* commands have their own man
pages with relevant info for the specific file systems (as noted in the
mount(8) man page).
You can expect a performance hit for forcing a mixed transport layer
protocol (UDP and TCP) like NFS to only use TCP but on the bright side,
if portions of your university network are wireless (i.e. packet loss),
you're probably better off with TCP anyhow.
These guys run NFS over SSH in a mixed environment:
http://www.noahk.com/~sparrow/journal/index?user=noahk
But there are probably better ways to do it.
I have looked into ipsec, but it seems overly complex and overkill
for my situation.
As for using ipsec, well, the most fair thing I could say is "IPSec
always looks like overkill." I would never call it easy (although some
work is being done to simplify it), but once you get past the learning
curve, ipsec VPN's work very well. None the less, your question
somewhat implied *not* creating a VPN.
I thought that perhaps the OpenBSD developers might have been
interested in some sort of "OpenSNFS" project for example as there is
no decent solution, and they did such a great job on OpenBSD/OpenSSH.
Thanks for that guys.
More than one solution already exists but none of them are simple and
all of them have a learning curve. Your question stated a "secure
network file system" and work on such a beast is currently being
done... -it's called NFSv4. ;-)
http://www.ietf.org/rfc/rfc3530.txt
Abstract:
The Network File System (NFS) version 4 is a distributed filesystem
protocol which owes heritage to NFS protocol version 2, RFC 1094, and
version 3, RFC 1813. Unlike earlier versions, the NFS version 4
protocol supports traditional file access while integrating support
for file locking and the mount protocol. In addition, support for
strong security (and its negotiation), compound operations, client
caching, and internationalization have been added. Of course,
attention has been applied to making NFS version 4 operate well in an
Internet environment.
You'd have better chances of dividing by zero than getting any
useful information out of me about (Le)TeX. I've never studied it,
and don't use it, but I must say, I've always been curious about
it.
Well if you wish to get started with it, drop me a private email and
I can suggest some reading materials and websites. Theres a whole lot
more to texlive than just latex (context, xetex, xmlex.. the list
goes on), but its not really suitable on the openbsd mailing lists :)
Please send them off list :-)
PS: Who's that on CC?
I'm not a fan of NIS, and since NFSv4 has support for kerberos (and
other interesting goodies), cc'ing two of the guys who are working on
NFSv4 for openbsd seemed wise (see links in previous post). They are in
a much better position than me to tell you what NFSv4 can and can not
do.
kind regards,
JCR
