For securing NFS (Network File System), the mount option krb5p
can be used to encrypt all traffic between the file server and the NFS client. Authentication and key exchange is based on Kerberos.
Here is an example on how to configure that for Debian: https://wiki.debian.org/NFS/Kerberos
Unfortunately, there seems to be no way to configure the cipher used for this transport enryption. What cipher is used and how can this be configured, selected, or enforced?
Without having used NFSv4 with Kerberos but used it in many other places, you are referring to confidentiality provided by the GSS-API through Kerberos which is implemented with gss_wrap(3)/gss_unwrap(3)
. It provides a quality of protection parameter but I am quite certain that NFSv4 will leave it null => at discretion of the mechanism.
Anyway, given that GSS-API completely abstracts from the mechanism, you probably have no choice but you still can do something about it. Enable in your KDC at least RC4, at best AES128 and AES256. Implementations will use best available cipher. You can scan traffic between the client and TGS (TGS-REQ
and TGS-REP
), client and server (NFS
) to see which encryption type has been negotiated and this will highly be used for wrapping/unwrapping. You can always read the RFCs as I did but this will take a lot of time to understand.
Hope this helps. Of course, I could be completely wrong about NFSv4 internals.
Just made some digging and I am quite certain now that my analysis is correct. RFC 7530, chapter 3.2.1 talks about Kerberos 5 mandatory privacy for krb5p
as well as AES along with HMAC-SHA1. Further reading leads to the RFC 2203 (RPCSEC_GSS spec) which talks about gss_wrap/gss_unwrap
.