Re: [vox-tech] adventures in NFS land
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] adventures in NFS land
Now this is something like what I had in mind! When you say "challenge response generator", do you mean something like SSH? (I'm not familiar with Palm).
A.
Geoffrey Herteg wrote:
> If you're looking for secure file sharing over the Internet, you might want to consider the Self-certifying File System (SFS, http://www.fs.net/). When combined with OPIE (one time passwords), it's pretty darn secure, but you do need a challenge response generator on-hand (like PalmKey for the Palm).
>
> -- G
>
> begin Peter Jay Salzman quotation:
> > dear all,
> >
> > i just configured nfs for the first time from scatch. it was easy. took me
> > under 20 minutes to do.
> >
> > 8 minutes: reading the howto. actually, i simply skimmed paragraphs that
> > looked sorta important.
> >
> > 10 minutes: browsed through the google newsgroups to look for mention of
> > "rpc: connection refused" error. google didn't pan out (but lots of people
> > asked the same question). i found the answer by going back to the howto.
> >
> > the funny thing is that the howto is kind of outdated for what i'm using --
> > the kernel NFS feature, rather than user space NFS.
> >
> > the kernel space NFS is supposed to be faster, but is also supposed to be
> > harder to debug. here is the outline of the steps:
> >
> > 1. compile the kernel on the server with "kernel nfs server support"
> > include nfs 3 support.
> > 2. compile the kernel on the client with "kernel nfs client support"
> > include nfs 3 support.
> > 3. edit /etc/hosts.allow, /etc/hosts.deny for security here's the deny file:
> >
> > portmap: ALL
> > lockd: ALL
> > mountd: ALL
> > rquotad: ALL
> > statd: ALL
> >
> > and here's the allow file:
> >
> > portmap: lucifer.diablo.net
> > lockd: lucifer.diablo.net
> > rquotad: lucifer.diablo.net
> > mountd: lucifer.diablo.net
> > statd: lucifer.diablo.net
> >
> > 4. make the file /etc/exports. here's mine. i simply mount /home on the
> > remote machine.
> >
> > /home 192.168.0.4(rw)
> >
> > 5. /etc/init.d/nfs start
> > 6. run rpc.mountd, rpc.nfsd and rpc.lockd on the server. (this was teh step
> > i was missig that caused the rpc: connection refused" message.
> > 7. on the client,
> >
> > lucifer# mount satan:/home /home
> >
> > 8. wait a bit
> >
> > and suddenly, i now have my home directory shared between my 2 computers.
> > very cool. my bookmarks, my files; everything is available to me on both
> > computers. no more wondering if i left a particular file on this machine or
> > that machine...
> >
> > i'm behind a pretty strong firewall, so running nfs on my home network
> > doesn't pose much of a threat. although if i'm wrong, someone please speak
> > up! :)
> >
> > if anyone has any tips on optimizing nfs or making it more secure, i'm all
> > ears too.
> >
> > pete
> >
> > --
> > "You may not use the Software in connection with any site that disparages
> > Microsoft, MSN, MSNBC, Expedia, or their products or services ..."
> > -- Clause from license for FrontPage 2002
--
======================================================================
Aaron King, Ph.D. http://two.ucdavis.edu/~aking
Dept. of Environmental Science & Policy mailto:aking@ucdavis.edu
University of California Tel: 530/752 3026
One Shields Avenue, Davis CA 95616 USA Fax: 530/752 3350
======================================================================
|
