DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th October 2018
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 54
Default Replacement for NFS?

What do OpenBSD folks use instead of NFS (other than Samba)? I know there's an older version included in base, but I get the impression it's not very secure.
Reply With Quote
  #2   (View Single Post)  
Old 17th October 2018
bsd-keith bsd-keith is offline
Real Name: Keith
Open Source Software user
 
Join Date: Jun 2014
Location: Surrey/Hants Border, England
Posts: 177
Default

If it's in the base system, it will have been checked over, as are all the utility programs in the base system, OpenBSD prides itself on security of the base install.

I'd think it as secure as your server is, that's more likely to be a weak point, if not set up correctly.
__________________
Linux since 1999, & also a BSD user.
Reply With Quote
  #3   (View Single Post)  
Old 17th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,385
Default

OpenBSD includes NFS V3. The OpenBSD FAQ includes a section on NFS. It does not cover securing NFS, since the options available to the infrastructure admin are well outside the bounds of a simple FAQ.

https://www.openbsd.org/faq/faq6.html#NFS

To secure network traffic, the admin must use some form of private networking. Options include physically independent networks, 802.1Q VLANs, and IPSec encryption.
Reply With Quote
  #4   (View Single Post)  
Old 17th October 2018
beavers beavers is offline
Fdisk Soldier
 
Join Date: Nov 2017
Posts: 54
Default

Didn't mean to imply that the implementation was insecure, I had just gotten the impression that NFSv3 relies mostly on the trustworthiness of the network. I'm hesitant to do that, even on my own home network. I think the below is what I had remembered (which has since been removed from the FAQ). Maybe this simply isn't an issue on a local network?

Quote:
https://web.archive.org/web/20170213.../faq6.html#NFS:

If you are allowing outside access to your NFS server, and you have any kind of sensitive data stored on it, we strongly recommend that you employ IPsec. Otherwise, people can potentially see your NFS traffic. Someone could also pretend to be the IP address which you are allowing into your NFS server. There are several attacks that can result. When properly configured, IPsec protects against these types of attacks.
I've been using sshfs from packages, which works well enough. I was just wondering if there was a more appropriate tool for the job. I'll have a look at IPSec+NFS.

I also see OpenAFS in ports, anyone have any experience or knowledge of it?
Reply With Quote
  #5   (View Single Post)  
Old 17th October 2018
ibara's Avatar
ibara ibara is offline
Future Defcon 201 speaker
 
Join Date: Jan 2014
Posts: 634
Default

OpenAFS in ports is extremely old and extremely broken. In fact, you can't actually build it, nor is there a package available.

NFS really is the way to go, with CIFS (samba) and SSHFS behind that. There is also the Apple Filing Protocol (AFP) which you can set up a server through the net/netatalk3 package and browse AFP shares through any GVfs-enabled file manager, such as GNOME3 nautilus, MATE caja, or Xfce Thunar.
Reply With Quote
  #6   (View Single Post)  
Old 17th October 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,385
Default

Quote:
Originally Posted by ibara View Post
OpenAFS in ports is extremely old and extremely broken. In fact, you can't actually build it, nor is there a package available.
And it's $ONLY_FOR_ARCHS=i386.

In the Project's history, there was an AFS client implementation at one time. The last cruft for it was removed in 2012.
Reply With Quote
  #7   (View Single Post)  
Old 17th October 2018
ibara's Avatar
ibara ibara is offline
Future Defcon 201 speaker
 
Join Date: Jan 2014
Posts: 634
Default

Quote:
Originally Posted by jggimi View Post
And it's $ONLY_FOR_ARCHS=i386.
And also BROKEN-i386
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Replacement for Hsetroot? cats OpenBSD Packages and Ports 0 10th April 2015 10:27 AM
Remote Replacement of OS mwatkins FreeBSD Installation and Upgrading 4 5th April 2009 04:01 AM
Trisentry replacement? neurosis FreeBSD Security 0 10th December 2008 04:09 PM
MB + CPU replacement mururoa FreeBSD General 10 21st November 2008 08:21 PM
Replacement for Mail? Bruco FreeBSD Ports and Packages 9 14th June 2008 05:15 PM


All times are GMT. The time now is 03:13 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick