Currently I have a simple file server sharing files using plain NFS.
Access is granted/denied only by IP number.
File permissions, if I understand correctly, are governed only on the client side. (It works, but I have not tested forging.)
It is working; on clients I set the computer IP manually, and register users and their user and group ID numbers the same on all computers.
But on the server I have half-sensitive info, and also clients' files that I promised to protect.
So I encrypt the disks and of course the wireless LAN.
So it just does not feel OK that it is possible for "anyone" to look at network traffic, set an IP like a granted computer, and read files.
Maybe I should set file permissions to 640 so a user needs to have a correct group or user ID even for reading, and use unusual group and user ID numbers.
But it is not "watertight", and I have no idea how to maintain that all applications for all users create files with 640 permissions.
NFSv4 has many functions; among them I want to utilise:
- grant users securely using Kerberos
- encrypt all traffic
- improved buffering of several sorts
I just cannot find a clear, simple guide on how to set up and learn to use Kerberos for this single use. Can anyone give a hint?
Or does anyone have an alternative idea?
I also want it to time out and later automount after hibernation/reboot/being off the network, as several are laptops, and I also want it to work without hiccups when switching between wireless and wired network, thus changing IP "on the fly".
I want to implement this sometime before summer, when I make a new server running mga3.
For company and even family use I think a reliable and validated secured file server is important, so this *should* be made easy to implement....
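
The setup described in the post (access granted by client IP, user and group IDs taken as the client sends them) is what the `sec=sys` flavor in `/etc/exports` gives, while Kerberos login with encrypted traffic is `sec=krb5p`. As an added example, not part of the original post, this shell function flags exports that still allow `sec=sys` or skip encryption; the paths and hosts in the sample are constructed.

```shell
# Constructed sample /etc/exports content (paths and hosts are made up).
sample_exports() {
cat <<'EOF'
# plain NFS: any host that takes an allowed IP is trusted
/srv/share    192.168.1.0/24(rw,sync)
/srv/clients  *(rw,sync,sec=krb5p)
/srv/mixed    192.168.1.0/24(rw,sec=krb5p:sys)
/srv/integ    laptop.example.lan(ro,sec=krb5i)
EOF
}

# Read exports(5) text on stdin; print "VERDICT path client flavors" per entry.
#   WEAK  = sec=sys allowed (the default): access by IP, UID/GID taken from client
#   NOENC = Kerberos authentication, but traffic not encrypted (krb5 / krb5i)
#   OK    = only krb5p (Kerberos authentication, integrity and encryption)
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""; sec = ""
            p = index($i, "(")
            if (p > 0) {                      # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)          # collect every sec= flavor list
                if (o[j] ~ /^sec=/)
                    sec = (sec == "" ? "" : sec ":") substr(o[j], 5)
            if (sec == "") sec = "sys"        # no sec= means AUTH_SYS
            verdict = "OK"
            m = split(sec, f, ":")
            for (k = 1; k <= m; k++) {
                if (f[k] != "krb5p" && verdict == "OK") verdict = "NOENC"
                if (f[k] !~ /^krb5/) verdict = "WEAK"
            }
            printf "%s %s %s %s\n", verdict, $1, client, sec
        }
    }'
}

sample_exports | audit_exports
```

On a real server the same check is `audit_exports < /etc/exports`; an entry that lists `sys` next to `krb5p` is still WEAK because a client may pick the weaker flavor.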