Connectathon is almost over!
By erickustarz on Mar 02, 2005
The ultimate in NFS conferences, Connectathon is now in its final days for 05.
check out the talks:
The last one had a interesting security note:
pNFS Update and Security Discussion - Brent Welch, Panasas
In reference to pNFS (later blog), the block solution for "security" from the client to the data servers is authenticated via a "capability". The only problem being that this completely susceptible to snoop/man in the middle attacks. So we really relying on physical access to the network.
And i believe i was just complaining to fellow group memebers last week how silly it was that we still support DH - oh well.
man i hate blocks.
Note: Brent is a super sharp guy and didn't come up with the security solution, he was just explaining it.
Note2: Brent mentioned you could use IPsec to protect the "capability", but why not just use a files solution and krb5?