gary: Secure NFS is already here. Sun
designed a GSS authentication flavor for ONC RPC based on
work done at OpenVision. The OpenVision version (which MIT
uses in their Kerberos V admin tool) is called AUTH_GSSAPI,
whereas Sun's is called RPCSEC_GSS (there's other
differences too :)
So now you can use RPCSEC_GSS for NFS authentication, which
means you can use any GSS mechanism for which you have a
plug-in (Sun supports the old Diffie-Hellman based NIS+
system, new variations of that with longer keys and Kerberos
V). Specifications for other GSS mechanisms exist; see the
IETF RFC Search and the RFC draft repository (search for GSS
and Generic Security Service).
Because RPCSEC_GSS does not change existing ONC RPC
protocols it can be used to secure NFSv2 and NFSv3. But
software changes are needed.
Solaris 2.6, 7 and 8 all support RPCSEC_GSS and secure NFS.
NFSv4 also uses RPCSEC_GSS and, as part of the NFSv4 for
Linux initiative, a Linux implementation of RPCSEC_GSS is
already available for Linux. I haven't followed the Linux NFS
situation very closely, but it might be possible to do
secure NFS with Linux now or, if not now, soon.
NFSv4 probably shouldn't be called NFS anymore. It fixes
all/most of the NFSv[23] problems. For example, NFSv4 is
stateful (i.e., it has open/close calls), using a variation
on the BSD NQNFS file leasing approach; it supports NFS
proxies; NT-style ACLs; NT-style open modes; compound RPCs
(one packet, multiple calls); the mount protocol goes away; etc...
One more thing, all of Sun's ONC RPC framework is available
under the SISSL, IIRC a very liberal license which
essentially says you can do whatever you want with the code,
even modify and improve it while keeping your mods private,
as long as you publish any extensions to the interfaces and
reference code also under the SISSL.
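
Added example, not part of the original comment and not Sun's or any project's code: the auth flavor sits in the credential field of the ONC RPC call header, ahead of any NFS arguments, which is why the same RPCSEC_GSS credential can front an NFSv2 or NFSv3 call and why a defender can audit it per call. Field layout and flavor numbers follow RFC 5531 and RFC 2203; the function names and sample messages are constructed for illustration.

```python
import struct

# Flavor numbers from RFC 5531 and RFC 2203; field layout from RFC 2203.
FLAVORS = {0: "AUTH_NONE", 1: "AUTH_SYS", 3: "AUTH_DH", 6: "RPCSEC_GSS"}
GSS_PROCS = {0: "DATA", 1: "INIT", 2: "CONTINUE_INIT", 3: "DESTROY"}
GSS_SERVICES = {1: "none", 2: "integrity", 3: "privacy"}

def pack_opaque(data):
    """Encode an XDR variable-length opaque (length, bytes, pad to 4)."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)

def read_opaque(buf, off):
    """Decode an XDR opaque at off; reject lengths that overrun the buffer."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("opaque length runs past end of buffer")
    return buf[off + 4:off + 4 + n]

def parse_call(msg):
    """Summarise the credential of one ONC RPC call (record mark stripped)."""
    if len(msg) < 32:
        raise ValueError("truncated RPC call header")
    xid, mtype, rpcvers, prog, vers, proc, flavor = struct.unpack_from(">7I", msg)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an ONC RPC version 2 call")
    cred = read_opaque(msg, 28)
    info = {"prog": prog, "vers": vers, "proc": proc,
            "flavor": FLAVORS.get(flavor, "flavor %d" % flavor)}
    if flavor == 6:
        if len(cred) < 20:
            raise ValueError("truncated RPCSEC_GSS credential")
        gver, gproc, seq, svc = struct.unpack_from(">4I", cred)
        info.update(gss_version=gver, gss_proc=GSS_PROCS.get(gproc, gproc),
                    seq_num=seq, service=GSS_SERVICES.get(svc, svc),
                    handle=read_opaque(cred, 16).hex())
    return info

def build_call(vers, flavor, cred):
    """Constructed sample: NFS (program 100003) procedure 1. The verifier is
    left empty for brevity; a real RPCSEC_GSS data call carries a GSS MIC."""
    head = struct.pack(">7I", 0x1234, 0, 2, 100003, vers, 1, flavor)
    return head + pack_opaque(cred) + struct.pack(">2I", 0, 0)

# Constructed credentials, not captured traffic.
SYS_CRED = struct.pack(">I", 0) + pack_opaque(b"client") + struct.pack(">3I", 1000, 1000, 0)
GSS_CRED = struct.pack(">4I", 1, 0, 7, 2) + pack_opaque(b"\xde\xad\xbe\xef")

if __name__ == "__main__":
    for m in (build_call(3, 1, SYS_CRED), build_call(3, 6, GSS_CRED)):
        print(parse_call(m))
```

A call reported as AUTH_SYS carries only client-asserted uid/gid values, while an RPCSEC_GSS call also shows which protection service (none, integrity, privacy) was negotiated for it.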