Solved

Passwords in fstab

Posted on 2006-06-15
5
944 Views
Last Modified: 2013-12-16
Heyy Experts!

I have a troublesome user that keeps bugging me about this really little problem....I've been annoying him for a while...but I don't have anything else left to do so I'm going to attempt to appease him.

In fstab I have a network share that gets mounted like this:

\\server\share  /mnt/BKUP  smbfs  user,password=something,uid=501,gid=501,username=thatguy  0  0

He doesn't like the fact that his Windows domain password is used in a plain text file and there is no encryption. All my linux boxs are no on the Windows domain because our IT department doesn't support it (that's why I have a job!).

1) Is there anyway to have passwords in fstab encrypted?
2) is there a better (encrypted) way to mount of file system?

It can't involve joining the domain or anything like that..."they" (IT) won't allow such a stable system run on there domain.

Let me know what you think.

Thanks!

Rob

500 POINTS cause I want to shut up my silly user!
0
Comment
Question by:qball2k5
  • 5
5 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 500 total points
ID: 16917015
The concept of plaintext passwords scares the hell out of me. I'd normally insist that my shares are mounted as part of a domain, or unified authentication setup, however, Suse, and Novell have a solution:

http://www.novell.com/coolsolutions/trench/16445.html
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16917022
Much nicer:

http://www.fedoraforum.org/forum/archive/index.php/t-2696.html

credentials file :)

As pointed out the password is still in clear text in the credentials file, but the file is not world readable.

HTH:)
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16917028
Not sure that there is any real point in encrypting the password, as it is sent over the network in clear text, so a sniffer could also collect the password. To do anything more secure, then the Windows people will need to improve their security.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16917037
An encrypted solution for BSD...should be appliable to Linux?:

http://www.linuxformat.co.uk/index.php?name=PNphpBB2&file=viewtopic&p=19706
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16917047
Looks like the 'credentials' approach is the expected way to deal with this, by putting the username and password into a file that the user only has access:

http://en.opensuse.org/SDB:Access_to_Windows_Shares

for another example......of course if he doesn't like it....get him to mount it manually:)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove a folder in Linux 9 105
High Bandwidth Usage 6 58
Install Predefined Certificate on Ubunto 4 40
Linux script delete files 3 35
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question