Linux Users Group of Davis (LUGOD)
 
Page last updated:
2001 Dec 30 17:10

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] adventures in NFS land



I mean something à la S/Key, which is a system where you've got a hash that's known only to you, and that hash is a seed that when entered as an argument along with a number generated by the system (challenge) into an algorithm (forget which one), it produces a four-word English phrase (the response).  The number eventually degrades down to 0, at which time your hash has to be regenerated.

The PalmKey app I referred to is a small application which takes the hash you enter into it and the number produced by the login system, then generates the four-word response.  I'm still trying to get it set up on one of my boxes here, I'll try writing a HowTo when I'm done...

-- G

begin  Aaron King quotation:
> Now this is something like what I had in mind!  When you say "challenge response generator", do you mean something like SSH?  (I'm not familiar with Palm).
> 
> A.
> 
> Geoffrey Herteg wrote:
> 
> > If you're looking for secure file sharing over the Internet, you might want to consider the Self-certifying File System (SFS, http://www.fs.net/).  When combined with OPIE (one time passwords), it's pretty darn secure, but you do need a challenge response generator on-hand (like PalmKey for the Palm).
> >
> > -- G
> >
> > begin  Peter Jay Salzman quotation:
> > > dear all,
> > >
> > > i just configured nfs for the first time from scratch.  it was easy.  took me
> > > under 20 minutes to do.
> > >
> > > 8 minutes: reading the howto.  actually, i simply skimmed paragraphs that
> > >    looked sorta important.
> > >
> > > 10 minutes: browsed through the google newsgroups to look for mention of
> > >    "rpc: connection refused" error.  google didn't pan out (but lots of people
> > >    asked the same question).  i found the answer by going back to the howto.
> > >
> > > the funny thing is that the howto is kind of outdated for what i'm using --
> > > the kernel NFS feature, rather than user space NFS.
> > >
> > > the kernel space NFS is supposed to be faster, but is also supposed to be
> > > harder to debug.  here is the outline of the steps:
> > >
> > > 1. compile the kernel on the server with "kernel nfs server support"
> > >    include nfs 3 support.
> > > 2. compile the kernel on the client with "kernel nfs client support"
> > >    include nfs 3 support.
> > > 3. edit /etc/hosts.allow, /etc/hosts.deny for security.  here's the deny file:
> > >
> > >    portmap: ALL
> > >    lockd: ALL
> > >    mountd: ALL
> > >    rquotad: ALL
> > >    statd: ALL
> > >
> > > and here's the allow file:
> > >
> > >    portmap: lucifer.diablo.net
> > >    lockd: lucifer.diablo.net
> > >    rquotad: lucifer.diablo.net
> > >    mountd: lucifer.diablo.net
> > >    statd: lucifer.diablo.net
> > >
> > > 4. make the file /etc/exports.  here's mine.  i simply mount /home on the
> > >    remote machine.
> > >
> > >       /home 192.168.0.4(rw)
> > >
> > > 5. /etc/init.d/nfs start
> > > 6. run rpc.mountd, rpc.nfsd and rpc.lockd on the server.  (this was the step
> > >    i was missing that caused the "rpc: connection refused" message.)
> > > 7. on the client,
> > >
> > >      lucifer# mount satan:/home /home
> > >
> > > 8. wait a bit
> > >
> > > and suddenly, i now have my home directory shared between my 2 computers.
> > > very cool.  my bookmarks, my files; everything is available to me on both
> > > computers.  no more wondering if i left a particular file on this machine or
> > > that machine...
> > >
> > > i'm behind a pretty strong firewall, so running nfs on my home network
> > > doesn't pose much of a threat.  although if i'm wrong, someone please speak
> > > up!  :)
> > >
> > > if anyone has any tips on optimizing nfs or making it more secure, i'm all
> > > ears too.
> > >
> > > pete
> > >
> > > --
> > > "You may not use the Software in connection with any site that disparages
> > > Microsoft, MSN, MSNBC, Expedia, or their products or services ..."
> > >                     -- Clause from license for FrontPage 2002
> 
> --
> ======================================================================
> Aaron King, Ph.D.                        http://two.ucdavis.edu/~aking
> Dept. of Environmental Science & Policy       mailto:aking@ucdavis.edu
> University of California                             Tel: 530/752 3026
> One Shields Avenue, Davis CA 95616 USA               Fax: 530/752 3350
> ======================================================================
> 
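
The challenge/response scheme described in the reply at the top of this post, as an added sketch that is not part of the original message and is not the code of S/Key, OPIE or PalmKey. It shows the hash chain behind the counter that runs down to 0: the server stores only the last accepted response, and each login reveals the link one step earlier. Assumptions: SHA-256 truncated to 64 bits stands in for the real hash, the response is raw bytes rather than a word phrase, and the seed and passphrase are constructed values.

```python
import hashlib
import hmac

def step(data: bytes) -> bytes:
    # One chain link. Assumption: SHA-256 cut to 64 bits, not the real S/Key hash.
    return hashlib.sha256(data).digest()[:8]

def otp(secret: str, seed: str, count: int) -> bytes:
    # Client side (the job of a generator such as PalmKey): hash seed+secret,
    # then apply step() `count` more times.
    value = step((seed + secret).encode())
    for _ in range(count):
        value = step(value)
    return value

class Server:
    # Holds only the last accepted response and its number, never the secret.
    def __init__(self, seed: str, initial: bytes, count: int):
        self.seed, self.last, self.count = seed, initial, count

    def challenge(self):
        if self.count == 0:
            raise RuntimeError("sequence exhausted, re-initialise with a new seed")
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # Hashing a valid response once must reproduce the stored value.
        if self.count == 0 or not hmac.compare_digest(step(response), self.last):
            return False
        self.last, self.count = response, self.count - 1
        return True

def demo():
    secret, seed = "constructed passphrase", "dv12345"  # constructed sample values
    server = Server(seed, otp(secret, seed, 3), 3)       # enrolment with N = 3
    results = []
    n, s = server.challenge()
    good = otp(secret, s, n)
    results.append(server.verify(otp("wrong guess", s, n)))  # bad secret
    results.append(server.verify(good))                      # fresh response
    results.append(server.verify(good))                      # replayed response
    while server.count:                                      # use up the chain
        n, s = server.challenge()
        results.append(server.verify(otp(secret, s, n)))
    return results, server.count

if __name__ == "__main__":
    print(demo())
```

A captured response is useless for a later login because the server then expects the preimage of it, which only the holder of the secret can compute.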

