qball2k5
asked on
Passwords in fstab
Heyy Experts!
I have a troublesome user that keeps bugging me about this really little problem....I've been annoying him for a while...but I don't have anything else left to do so I'm going to attempt to appease him.
In fstab I have a network share that gets mounted like this:
\\server\share /mnt/BKUP smbfs user,password=something,ui d=501,gid= 501,userna me=thatguy 0 0
He doesn't like the fact that his Windows domain password is used in a plain text file and there is no encryption. All my linux boxs are no on the Windows domain because our IT department doesn't support it (that's why I have a job!).
1) Is there anyway to have passwords in fstab encrypted?
2) is there a better (encrypted) way to mount of file system?
It can't involve joining the domain or anything like that..."they" (IT) won't allow such a stable system run on there domain.
Let me know what you think.
Thanks!
Rob
500 POINTS cause I want to shut up my silly user!
I have a troublesome user that keeps bugging me about this really little problem....I've been annoying him for a while...but I don't have anything else left to do so I'm going to attempt to appease him.
In fstab I have a network share that gets mounted like this:
\\server\share /mnt/BKUP smbfs user,password=something,ui
He doesn't like the fact that his Windows domain password is used in a plain text file and there is no encryption. All my linux boxs are no on the Windows domain because our IT department doesn't support it (that's why I have a job!).
1) Is there anyway to have passwords in fstab encrypted?
2) is there a better (encrypted) way to mount of file system?
It can't involve joining the domain or anything like that..."they" (IT) won't allow such a stable system run on there domain.
Let me know what you think.
Thanks!
Rob
500 POINTS cause I want to shut up my silly user!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not sure that there is any real point in encrypting the password, as it is sent over the network in clear text, so a sniffer could also collect the password. To do anything more secure, then the Windows people will need to improve their security.
An encrypted solution for BSD...should be appliable to Linux?:
http://www.linuxformat.co.uk/index.php?name=PNphpBB2&file=viewtopic&p=19706
http://www.linuxformat.co.uk/index.php?name=PNphpBB2&file=viewtopic&p=19706
Looks like the 'credentials' approach is the expected way to deal with this, by putting the username and password into a file that the user only has access:
http://en.opensuse.org/SDB:Access_to_Windows_Shares
for another example......of course if he doesn't like it....get him to mount it manually:)
http://en.opensuse.org/SDB:Access_to_Windows_Shares
for another example......of course if he doesn't like it....get him to mount it manually:)
http://www.fedoraforum.org/forum/archive/index.php/t-2696.html
credentials file :)
As pointed out the password is still in clear text in the credentials file, but the file is not world readable.
HTH:)