NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5
RFC 2623 NFS Security, RPCSEC_GSS, and Kerberos V5 June 1999
3.1. Server Principal . . . . . . . . . . . . . . . . . . . . . 9
3.2. Negotiation . . . . . . . . . . . . . . . . . . . . . . . 9
3.3. Changing RPCSEC_GSS Parameters . . . . . . . . . . . . . . 10
3.4. Registering Pseudo Flavors and Mappings . . . . . . . . . 11
4. The NFS Protocol over Kerberos V5 . . . . . . . . . . . . . 11
4.1. Issues with Kerberos V5 QOPs . . . . . . . . . . . . . . . 12
4.2. The NFS Protocol over Kerberos V5 Pseudo Flavor Registration Entry . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . 14
6. IANA Considerations [RFC 2434] . . . . . . . . . . . . . . . 14
6.1. Pseudo Flavor Number . . . . . . . . . . . . . . . . . . . 14
6.2. String Name of Pseudo Flavor . . . . . . . . . . . . . . . 15
6.2.1. Name Space Size . . . . . . . . . . . . . . . . . . . . 15
6.2.2. Delegation . . . . . . . . . . . . . . . . . . . . . . . 15
6.2.3. Outside Review . . . . . . . . . . . . . . . . . . . . . 15
6.3. GSS-API Mechanism OID . . . . . . . . . . . . . . . . . . 15
6.4. GSS-API Mechanism Algorithm Values . . . . . . . . . . . . 15
6.5. RPCSEC_GSS Security Service . . . . . . . . . . . . . . . 16
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 17
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 18
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 19
1. Introduction
The NFS protocol provides transparent remote access to shared file
systems across networks. The NFS protocol is designed to be independent
of machine, operating system, network architecture, security mechanism,
and transport protocol. This independence is achieved through
the use of ONC Remote Procedure Call (RPC) primitives built on top of
an eXternal Data Representation (XDR). NFS protocol Version 2 is
specified in the Network File System Protocol Specification
[RFC 1094]. A description of the initial implementation can be found
in [Sandberg]. NFS protocol Version 3 is specified in the NFS Version
3 Protocol Specification [RFC 1813]. A description of some initial
implementations can be found in [Pawlowski].
For the remainder of this document, references to the NFS protocol
mean NFS Version 2 and Version 3, unless otherwise stated.
The RPC protocol is specified in the Remote Procedure Call Protocol
Specification Version 2 [RFC 1831]. The XDR protocol is specified in
External Data Representation Standard [RFC 1832].
A new RPC security flavor, RPCSEC_GSS, has been specified [RFC 2203].
This new flavor allows application protocols built on top of RPC to
access security mechanisms that adhere to the GSS-API specification
Eisler Standards Track