NFS security ...

[dmitchell@trc.amoco.com (Donald H. Mitchell)]

    Date: Wed, 29 May 91 16:38 EDT
    From: buff@pravda.cc.gatech.edu (Richard Billington)

    As far as I know, the nfs protocol makes no provision for security, leaving
    that up to the hosts involved. Since the Symbolics has no security, that means
    that someone can login as anyone on a Symbolics and have that anyone's nfs
    mounted files on a "secure" nfs server completely available to them.

???? Everytime I log into the symbolics it prompts me for my Unix password.
Until I give it, I can't do anything.  I can't even look at Symbolics's
sources.  Of course, we don't have any lmfs partitions on site and everything
is stored on our Unix fileservers thus making everything off limits until we
log in.

I don't remember what if anything we did to force the password authentication.

We do have one glaring security problem: once someone gives their Unix
password, anyone else who starts a console to that Symbolics host has access
to all the files and Unix hosts under the guise of the logged-in person's Unix
id. Because we have more Symbolics users than Symbolics hosts, we often have
piggy backed users (more than one person using the same Symbolics).  We also
have occasional people on the network accidentally telnet or rlogin to our
Symbolics hosts.  Of course, they don't recognize anything about the
environment and can't get any of their familiar Unix or pc commands to work;
so, they usually run into the halls screaming and shaking due to the exposure
:-)

Don Mitchell			dmitchell@trc.amoco.com
Amoco Production Company	(918) 660-4270
Tulsa Research Center
P.O. Box 3385, Tulsa, OK 74102