Hi all,
I hope that this isn't too obvious a question but here goes....
I'm wondering how people are handling NFS security in environments where you have a lot of Mac OS X or Linux computer systems. For ease of administration, I would love to be able to specify that any computer within our network has read access to various qtrees. But this opens up a can of worms in that anybody with root access on their local Mac or Linux box can spoof user accounts with legitimate UID's and GID's. This essentially gives away the keys to the kingdom.
The other obvious alternative is using netgroups but that would be a lot of administration as machines come and go. It's certainly better than opening up access to everybody but not a course that I'd like to take.
Both MacOS X and Linux have support for smb (cifs) filesystems, so you could use CIFS instead. It doesn't dovetail with unix as nicely as NFS, but it may be good enough.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support