Although NFS provides several options for authentication, a popular choice is the ``UNIX style'' authentication [9], in which ``NFS servers accept client requests only if the client's network address appears in a list of trusted hosts.'' This scheme requires that the NFS file server trust the client's operating system.
The client's operating system authenticates a user at login time (usually by means of entering a password). Whenever that user requests access to a particular file, the local operating system determines if that user should be granted such access. If so, it requests the file from the NFS file server and then hands it off to the user.
If the security of the client's operating system is compromised, then the security of files served over NFS are compromised because NFS believes that the local operating system has properly authenticated the user.