[TriLUG] apple file sharing protocol

[Mike M]

On Sat, Apr 10, 2004 at 12:15:29AM -0400, Tanner Lovelace wrote:
> Aaron S. Joyner said the following on 4/9/04 10:40 PM:
> 
> [... lots of cool info snipped ...]
> 
> >similar.  If you ever get the urge to considering doing NFS over a 
> >public network, don't.  At least use SFS.

Good poop.
> 
> Or better yet, use something built to work over WANS like AFS.

I was going to check out the AFS googles, but
this from the SFS FAQ (http://www.fs.net/sfswww/) stopped me in my
tracks:

 NFS, for example, transmits secret file handles in every file system
 request. An attacker who learns the file handle of even a single
 directory can access the entire file system as any user. AFS, another
 widely-used network file system, does not keep the contents of private
 files secret from network eavesdroppers. Moreover, AFS uses an insecure
 message authentication code (MAC) to protect the integrity of
 communication between clients and servers. An active attacker can, with
 very little computation, tamper with and change the contents of AFS
 messages in transit. Coda has approximately the same security
 properties as AFS.
> 
> I'll also add that the reason I suggested Samba instead of NFS
> was that even though NFS is easy to setup on Linux, it's not
> quite as easy to setup on OS X.  I run NFS at home and it
> works fine.  Performance isn't an issue, but then again,
> I don't have a lab full of machines.

Me too. Lot's of machines with one user is OK for NFS too. Not
much security risk either.  OTH, I've been training myself
to go secure whenever I can.  I use ssh and scp in my one-man
lab.

Now I am wondering if Samba is a security hole?

Samba on LInux is not so bad. Sounds like the alternative (NFS on OSX) is
awful.  Probably get more better free help on Samba/Linux than
OSX/NFS too.
-- 
Mike

Moving forward in pushing back the envelope of the corporate paradigm.