NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5 (RFC2623)

IP.com Disclosure Number: IPCOM000003210D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 16 page(s) / 40K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Eisler: AUTHOR

Abstract

This memorandum clarifies various security issues involving the NFS protocol (Version 2 and Version 3 only) and then describes how the Version 2 and Version 3 of the NFS protocol use the RPCSEC_GSS security flavor protocol and Kerberos V5. This memorandum is provided so that people can write compatible implementations.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group M. Eisler

Request for Comments: 2623 Sun Microsystems, Inc.

Category: Standards Track June 1999

NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This memorandum clarifies various security issues involving the NFS protocol (Version 2 and Version 3 only) and then describes how the Version 2 and Version 3 of the NFS protocol use the RPCSEC_GSS security flavor protocol and Kerberos V5. This memorandum is provided so that people can write compatible implementations.

Table of Contents

1. Introduction

1.1. Overview of RPC Security Architecture

2. Overview of NFS Security

2.1. Port Monitoring

2.1.1. MOUNT Protocol

2.2. RPC Security Flavors

2.2.1. AUTH_SYS

2.2.2. AUTH_DH and AUTH_KERB4

2.2.3. RPCSEC_GSS

2.3. Authentication for NFS Procedures

2.3.1. NULL Procedure

2.3.2. NFS Procedures Used at Mount Time

2.4. Binding Security Flavors to Exports

2.5. Anonymous Mapping

2.6. Host-based Access Control

2.7. Security Flavor Negotiation

2.8. Registering Flavors

3. The NFS Protocol's Use of RPCSEC_GSS

3.1. Server Principal

3.2. Negotiation

3.3. Changing RPCSEC_GSS Parameters

3.4. Registering Pseudo Flavors an...