Return to BSD News archive
Xref: sserve comp.sys.powerpc:30788 comp.sys.intel:27268 comp.os.misc:3610 comp.unix.bsd:15762 comp.unix.pc-clone.32bit:7922 comp.unix.sys5.r4:8961 comp.unix.misc:15312 comp.os.linux.development:21837 comp.os.linux.misc:32491 comp.os.linux.misc:32492 comp.os.386bsd.development:2931 comp.os.386bsd.misc:4582 Path: sserve!newshost.anu.edu.au!munnari.oz.au!constellation!bubba.ucc.okstate.edu!newsfeed.ksu.ksu.edu!moe.ksu.ksu.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!gatech!psuvax1!psuvax1.cse.psu.edu!schwartz From: schwartz@galapagos.cse.psu.edu (Scott Schwartz) Newsgroups: comp.sys.powerpc,comp.sys.intel,comp.os.misc,comp.unix.bsd,comp.unix.pc-clone.32bit,comp.unix.sys5.r4,comp.unix.misc,comp.os.linux.development,comp.os.linux.misc,comp.os.linux.misc,comp.os.386bsd.development,comp.os.386bsd.misc Subject: Re: Interested in PowerPC for Linux / FreeBSD / NetBSD? Date: 27 Dec 1994 18:54:16 GMT Organization: Penn State Comp Sci & Eng Lines: 37 Message-ID: <SCHWARTZ.94Dec27135416@galapagos.cse.psu.edu> References: <3cilp3$143@news-2.csn.net> <3d4ucp$sbn@hearst.cac.psu.edu> <SCHWARTZ.94Dec23232817@galapagos.cse.psu.edu> <D1HBBs.Hyy@park.uvsc.edu> NNTP-Posting-Host: galapagos.cse.psu.edu In-reply-to: Terry Lambert's message of Tue, 27 Dec 1994 17:02:12 GMT Terry Lambert <terry@cs.weber.edu> writes: schwartz@galapagos.cse.psu.edu (Scott Schwartz) wrote: ] If Microsoft is clever, they'll integrate Kerberos and then loudly ] advertise the sad-but-true fact that unix usually doesn't use the kind ] of robust authentication mechanism that life on the the internet ] demands. ] ] Since you mention NFS, check out the latest advisory from CERT on NFS ] to see the impact of this foolish lack of authentication. Clearly, you have not followed the current developements in NFS if you believe you can't use secure-key technology. On the contrary. I have followed the current developments, and I have all the papers you mention. The problem is that in actual practice NFS almost never uses an authentication system. There's no excuse for that, and yet that is exactly the way most vendors ship it and most users run it. That's why CERT had to issue an advisory recommending a bunch of desperate kludges. And you are simply dreaming if you bitch about compatability when running the secure version of anything. There shouldn't be a "secure version", because that implies that there is a default version which is insecure. There should be exactly one version that does the right thing all of the time. Works for AFS. Works for Plan 9. And no, I don't think compatability with something broken is worth it. If you don't care to secure all of your equipment by running non- antiquated software, may I suggest ipfilter? That doesn't address the problem. People do want to run non-antiquated software, but AFS costs way too much money and rn doesn't run on Plan-9. I suggest that vendors ship NFS with Kerberos and with no way to turn authentication off.