Link to home
Start Free TrialLog in
Avatar of qball2k5
qball2k5

asked on

Passwords in fstab

Heyy Experts!

I have a troublesome user that keeps bugging me about this really little problem....I've been annoying him for a while...but I don't have anything else left to do so I'm going to attempt to appease him.

In fstab I have a network share that gets mounted like this:

\\server\share  /mnt/BKUP  smbfs  user,password=something,uid=501,gid=501,username=thatguy  0  0

He doesn't like the fact that his Windows domain password is used in a plain text file and there is no encryption. All my linux boxs are no on the Windows domain because our IT department doesn't support it (that's why I have a job!).

1) Is there anyway to have passwords in fstab encrypted?
2) is there a better (encrypted) way to mount of file system?

It can't involve joining the domain or anything like that..."they" (IT) won't allow such a stable system run on there domain.

Let me know what you think.

Thanks!

Rob

500 POINTS cause I want to shut up my silly user!
ASKER CERTIFIED SOLUTION
Avatar of pjedmond
pjedmond
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Much nicer:

http://www.fedoraforum.org/forum/archive/index.php/t-2696.html

credentials file :)

As pointed out the password is still in clear text in the credentials file, but the file is not world readable.

HTH:)
Not sure that there is any real point in encrypting the password, as it is sent over the network in clear text, so a sniffer could also collect the password. To do anything more secure, then the Windows people will need to improve their security.
An encrypted solution for BSD...should be appliable to Linux?:

http://www.linuxformat.co.uk/index.php?name=PNphpBB2&file=viewtopic&p=19706
Looks like the 'credentials' approach is the expected way to deal with this, by putting the username and password into a file that the user only has access:

http://en.opensuse.org/SDB:Access_to_Windows_Shares

for another example......of course if he doesn't like it....get him to mount it manually:)