Oracle ZFS Storage Appliance Security Overview
HTTP provides access to file systems using the HTTP and HTTPS protocols and the HTTP extension Web-based Distributed Authoring and Versioning (WebDAV). This lets clients access shared file systems through a web browser or as a local file system if their client software supports it. The HTTPS server uses a self-signed security certificate.
The following properties are available:
Require client login - Clients must authenticate before share access is allowed, and files they create are owned by the authenticated user. If this is not set, created files are owned by the HTTP service with user "nobody".
Protocols - Select which access methods to support: HTTP, HTTPS, or both.
HTTP Port (for incoming connections) - HTTP port; the default is port 80.
HTTPS Port (for incoming secure connections) - HTTPS port; the default is port 443.
When Require Client Login is enabled, the ZFSSA denies access to clients that do not supply valid authentication credentials for a local user, a NIS user, or an LDAP user. Active Directory authentication is not supported. Only basic HTTP authentication is supported. Unless HTTPS is being used, this transmits the username and password unencrypted, which may not be appropriate for all environments. If Require Client Login is disabled, the ZFSSA does not try to authenticate.
Regardless of authentication, permissions are not masked from created files and directories. Newly created files are readable and writable by everyone. Newly created directories are readable, writable, and executable by everyone.
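Because permissions are not masked, content written through the HTTP/WebDAV service is worth auditing from a host that also mounts the share. The following is an added example, not Oracle's code: it assumes the share is mounted at a local path and that 0640/0750 are the modes your site policy wants, and it lists (and optionally resets) every world-writable file and directory.

```python
import os
import stat
import sys


def _world_writable(path):
    """Return (kind, mode) if path is a world-writable file or directory, else None."""
    st = os.lstat(path)  # lstat so symlinks are skipped rather than followed
    if stat.S_ISDIR(st.st_mode):
        kind = "dir"
    elif stat.S_ISREG(st.st_mode):
        kind = "file"
    else:
        return None
    mode = stat.S_IMODE(st.st_mode)
    return (kind, mode) if mode & stat.S_IWOTH else None


def audit_share(root, fix=False, file_mode=0o640, dir_mode=0o750):
    """List (path, kind, old_mode) for world-writable entries under root.

    With fix=True each finding is reset to file_mode / dir_mode, which are
    assumed site-policy values, not appliance defaults.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            hit = _world_writable(path)
            if hit is None:
                continue
            kind, mode = hit
            findings.append((path, kind, mode))
            if fix:
                os.chmod(path, dir_mode if kind == "dir" else file_mode)
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_share.py /mnt/share [--fix]   (mount point is an assumption)
    for path, kind, mode in audit_share(sys.argv[1], fix="--fix" in sys.argv[2:]):
        print(f"{mode:04o} {kind:4} {path}")
```

Run it without `--fix` first and review the list, since some directories may be intentionally shared for writing.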