[GTALUG] The current state of NFS

[Lennart Sorensen]

On Thu, Feb 22, 2018 at 03:25:49PM -0500, Giles Orr via talk wrote:
> I used to use NFS back in 2000 - back when we still thought unsecured local
> services were okay.  And I loved it - it was slow, but very useful.  So I'd
> like to start using it again, but I want it secured.  Apparently NFSv4
> "mandates strong security" (according to Wikipedia): does that mean for
> authentication, or encryption of files "in flight," or both?  And I keep
> seeing it mentioned with Kerberos: I've been researching Kerberos a bit and
> that really looks like something I'd rather NOT have to set up.  Is it
> possible to run NFSv4 without Kerberos?  Pointers to recent, good tutorials
> would also be deeply appreciated.
> 
> I'm using Fedora 27 and Debian (stable or testing) on the clients.  You can
> stomp me if you like for my plan to use a Raspberry Pi as the server - I'm
> not looking for speed as this will mostly be for backups.  I'd probably use
> Raspbian unless there's a compelling reason to use one of the other Pi
> distros.  Of course if this will really need more memory than the Pi has,
> that's another issue ...

My understanding of NFSv4 is that it is not NFS.  It is something new
and complicated that is way beyond what previous NFS versions did.
Sure it's called NFS, but it's different.

I too looked at it, got to kerberos, and then went the other direction.

NFS before v4 were invented at SUN.  NFS v4 was done by the IETF.  It was
based on ideas from AFS and SMB/CIFS.

I found something that seems to indicate it is possible to make NFSv4
run without kerberos and all that:
https://lists.debian.org/debian-user/2017/10/msg00476.html

-- 
Len Sorensen