the probelm is that the password is still trasmitted over the network in clear text thus anyone running a sniffer on the network may be able to get your passwords. Ideally if you can have a linux box on his end as well and then do a VPN using swan you can be sure your communications are not being tapped. Otherwise for me I use a web based interface for users who want to upload their pages using mod_dav and webrfm and of course I use ssl for it.
Here we go merrily smoking crack again~ SMB can use encrypted passwords. [seifried@stench seifried]$ grep pass /etc/samba/smb.conf encrypt passwords = Yes password server = 10.3.0.20 You can also SSL wrap all SMB communications (yes, windows supports it). From man smb.conf: o ssl o ssl CA certDir o ssl CA certFile o ssl ciphers o ssl client cert o ssl client key o ssl compatibility o ssl hosts o ssl hosts resign o ssl require clientcert o ssl require servercert o ssl server cert o ssl server key o ssl version Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/