Title.

The situation is basically this:

  • NFS works, it’s very fast, keeps the xattrs but if used without Kerberos it’s not secure. If used with Kerberos it works, but has a ticket that expires and forces me to reenter the credentials frequently in order to use it. If there was a way to use NFS with Kerberos and save the credentials NFS would be the perfect solution.

  • Samba works fine too, also keeps the xattrs but I had some troubles with filenames (mainly with some special characters, emoji, etc). Besides, as both my server and my clients run Linux I prefer to avoid it if I have the choice.

  • sshfs would be the natural choice, not as fast as NFS but it’s pretty secure, I already use it in most of my network shares but I just can’t find a way to make it preserve the files xattrs.

Do you guys have any suggestions or maybe any other options that I might use?

  • @IsoKiero@sopuli.xyz
    link
    fedilink
    English
    35 months ago

    I assume you don’t intend to copy the files but use them from a remote host? As security is a concern I suppose we’re talking about traffic over the public network where (if I’m not mistaken) kerberos with NFS doesn’t provide encryption, only authentication. You obviously can tunnel NFS with SSH or VPN and I’m pretty sure you can create a kerberos ticket which stores credentials locally for longer periods of time and/or read them from a file.

    SSH/VPN obviously causes some overhead, but they also provide encryption over the public network. If this is something ran in a LAN I wouldn’t worry too much about encrypting the traffic and in my own network I wouldn’t worry about authentication either too much. Maybe separate the NFS server to it’s own VLAN or firewall it heavily.