There have been quite a few changes between versions 3 and 4 of the NFS protocol.
From an administrator’s perspective, the following changes were introduced:
- User / group id mapping:
Version 3 and below used a numeric user / group id based mapping: so a user with user id 1000 on the client was mapped to a user with the same id on the server.
- Security:
Security of older NFS versions was solely based on the security of all involved systems/networks: giving one client machine controlled by someone else access to your NFS service meant giving away your data.
In NFSv4, security / encryption options were introduced (some implementations supported them in version 3, but this was non-standard). Using Kerberos to authenticate machines and users makes NFS safe again.
- RPC portmapper ports:
Version 3 and below used a system called RPC portmapper to register and publish additional NFS services. This resulted in multiple ports being used – and what made things worse: those could be allocated randomly. While the Linux NFS implementation offered options to locate those services at fixed ports, other implementations did not. Firewalling this dynamic port allocation was a mess. With version 4 we get “one port to rule them all”: 2049.
- Permissions:
NFSv4 also introduced fine-grained access control lists (ACLs) – very similar to those used in the CIFS/Windows world. In earlier versions some NFS implementations supported the so-called POSIX ACLs, however they were never standardized and therefore not implemented by most vendors.
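
To make the portmapper point concrete, the following added example (not part of the original article) parses `rpcinfo -p` output and derives the ports a firewall has to pass for NFSv3, flagging the ones that are not pinned. The sample output, the pinned-port set and all function names are constructed for illustration.

```python
"""Work out which ports a firewall must pass for NFSv3, from `rpcinfo -p` output."""

# Constructed sample of `rpcinfo -p` output from a hypothetical NFSv3 server.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  52301  status
    100024    1   tcp  38467  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  41273  nlockmgr
    100021    4   tcp  35219  nlockmgr
"""

# RPC program numbers of the services an NFSv3 client talks to.
NFS3_PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
                 100021: "nlockmgr", 100024: "status"}
NFS4_ALLOW_LIST = [(2049, "tcp")]  # the single port named in the text


def parse_rpcinfo(text):
    """Yield (program, version, proto, port) for each registration line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or malformed line
        yield int(fields[0]), int(fields[1]), fields[2], int(fields[3])


def nfs3_allow_list(text):
    """Every (port, proto) pair the firewall must pass for NFSv3 to work."""
    return sorted({(port, proto) for prog, _, proto, port in parse_rpcinfo(text)
                   if prog in NFS3_PROGRAMS})


def unpinned_ports(text, pinned):
    """Registered ports outside the set the administrator fixed in the config."""
    return [(port, proto) for port, proto in nfs3_allow_list(text)
            if port not in pinned]


if __name__ == "__main__":
    pinned = {111, 2049, 20048}  # hypothetical: ports pinned on this server
    print("NFSv3 allow-list:", nfs3_allow_list(SAMPLE_RPCINFO))
    print("Not pinned:      ", unpinned_ports(SAMPLE_RPCINFO, pinned))
    print("NFSv4 allow-list:", NFS4_ALLOW_LIST)
```
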