| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 5497.1 | no | LASSIE::CORENZWIT | stuck in postcrypt queue | Mon May 12 1997 09:29 | 6 | 
|  |     No.  If this is a revenue-related question, you should contact the
    Product Manager, at present Barbara (DELNI::)Karten.  If Secure-NFS is
    the same thing as NFS with Kerberos support, better say that, and if
    not say what Secure-NFS is.
    
    Julie
 | 
| 5497.2 | It's about Sun Solaris NFS | KETJE::STAES | Topless = No brains at all | Tue May 13 1997 07:39 | 43 | 
|  | Apologies.
I should have started with the question "does anyone know what Secure-NFS
is"?  I used this terminology, because that is how my customer called it.
In the meantime I found out that it refers to the authentication services
available for NFS on Sun Solaris.
from:		http://www.sun.com/solaris/desktop/nfs_15.html#86853
		Solaris Products
		NFS Security
		.../...
                Authentication Services
                An authentication service provides a mechanism for
                checking a user's network "identification" to make sure
                they are who they claim to be before being allowed to
                use resources. NFS can be configured to utilize two
                authentication services: one based on the Diffie-Hellman
                key exchange protocol and one using Kerberos. In
                addition, NFS can also utilize a simple authentication
                mechanism that is referred to as "Unix-style"
                authentication. NFS is able to utilize multiple
                authentication "flavors" by virtue of the fact that they
                are accessible through the TI-RPC service.
So back to the start.  Do we have anything available on UCX, sorry, TCP/IP
services for OpenVMS, which can handle this type of authenticated service
requests?
This would provide a more secure alternative to FTP file transfers which
are forbidden - by policy - on that specific part of the customer's network.
But I'm afraid the answer is still "no".  Or not?
Regards,
Nand.
 | 
| 5497.3 | Can it be created? | EVMS::EVERHART |  | Tue May 13 1997 11:30 | 11 | 
|  |     There is a TCP Wrappers for UCX. Can it be used to force a run of
    some handwritten authenticator before allowing an nfs hookup?
    Such an authenticator might set some dynamic identifiers or clear
    them, if there can be a separate process created for an nfs
    session to which these identifiers could be added.
    
    Such an authenticator might not be what Sun has, but could
    perhaps be used to differentiate someone on a known internal
    system from total outsiders. Or is there no process context or
    the like to hang anything on to?
    
 | 
| 5497.4 |  | UCXAXP::GEMIGNANI |  | Tue May 13 1997 14:12 | 8 | 
|  |     There is currently no way to do this (with the UCX releases which are
    available).  The item (you referenced) alluded to TI-NFS (probably using the
    transport-independent RPC).  NFS could conceivably accept relayed
    requests from an intermediary, but not in its current form, as there is
    host verification which is performed.
    
    We are investigating several possibilities for a future release of the
    product.
 |
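
Added example (not from the thread, nor Sun's or Digital's code): the authentication "flavors" in the Sun excerpt quoted in 5497.2 are a field in every ONC RPC call header. This sketch reads that field and shows that a "Unix-style" (AUTH_SYS) credential is only a client-asserted host/uid/gid. Flavor numbers and layout follow RFC 5531; the policy set, function names and sample messages are assumptions constructed for the example.

```python
import struct

# Credential flavor numbers from the ONC RPC specification (RFC 5531).
FLAVORS = {0: "AUTH_NONE", 1: "AUTH_SYS", 2: "AUTH_SHORT",
           3: "AUTH_DH", 4: "AUTH_KERB", 6: "RPCSEC_GSS"}
# Assumed site policy for this example: only cryptographic flavors.
ALLOWED = {"AUTH_DH", "AUTH_KERB", "RPCSEC_GSS"}

def xdr_opaque(buf, off):
    """Read an XDR variable-length opaque: length, data, pad to 4 bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated opaque")
    return buf[off + 4:end], off + 4 + ((n + 3) & ~3)

def parse_call(msg):
    """Return (program, flavor name, AUTH_SYS claims or None) for an RPC call."""
    xid, mtype, rpcvers, prog, vers, proc, flavor = struct.unpack_from(">7I", msg, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    body, _ = xdr_opaque(msg, 28)          # credential body follows the flavor
    name = FLAVORS.get(flavor, "unknown(%d)" % flavor)
    claims = None
    if name == "AUTH_SYS":
        # authsys_parms: stamp, machinename, uid, gid, gids. Nothing is signed.
        host, off = xdr_opaque(body, 4)    # skip the 4-byte stamp
        uid, gid = struct.unpack_from(">2I", body, off)
        claims = {"host": host.decode("ascii", "replace"), "uid": uid, "gid": gid}
    return prog, name, claims

def flavor_allowed(msg):
    """Flavor gate only: it does not verify the credential itself."""
    try:
        return parse_call(msg)[1] in ALLOWED
    except (ValueError, struct.error):
        return False                       # malformed or truncated: refuse

def build_call(flavor, cred_body):
    """Construct a sample NFS (program 100003, version 3) NULL call."""
    head = struct.pack(">7I", 0x1234, 0, 2, 100003, 3, 0, flavor)
    pad = b"\0" * (-len(cred_body) % 4)
    verf = struct.pack(">2I", 0, 0)        # AUTH_NONE verifier, empty body
    return head + struct.pack(">I", len(cred_body)) + cred_body + pad + verf

# Constructed sample: a client simply claiming to be uid 0 on host "client".
SAMPLE_SYS = build_call(1, struct.pack(">2I", 1, 6) + b"client\0\0"
                        + struct.pack(">3I", 0, 0, 0))
SAMPLE_DH = build_call(3, b"")             # flavor field only, body omitted
```
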