On Mon, 23 Oct 2000, Anibal Vasquez wrote:
My question is: is it secure to let samba authenticate a user on the linux-machine (let's say a current user "webmaster" who only owns the needed directories)? Does the option "encrypt passwords=yes" provide an acceptable level of security (this last question is maybe OT?)?
Between the www-guy's machine and the linux-machine are two or three routers, the whole network is about 150 machines big. All these other machines must be considered untrusted. Any of the files exported by samba are public, so no encryption of data is needed.
Encrypted passwords do inhibit cleartext passwords for samba on the net. AFAIK there is no further host authentication done by samba (maybe when used as NT-PDC?). Any machine on the net can record and play back the password. You can use samba's "hosts allow" to make it listen only to specific IPs. If you really have to consider spoofed IPs that doesn't help either.

Cheers
Robert

--
Robert Casties --------------------- http://philoscience.unibe.ch/~casties
History & Philosophy of Science
Tel: +41/31/631-8505 Room: 216
Institute for Exact Sciences
Sidlerstrasse 5, CH-3012 Bern
Uni Bern
(PGP key on homepage: D7 2B DE 64 2D 65 16 A0)
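
The two settings discussed in this thread, written out as an smb.conf fragment. This is an added example, not configuration posted by either participant; the share name, the path and the address 192.0.2.10 are placeholders, and only the user name "webmaster" comes from the thread.

```ini
# Constructed example; smb.conf comments must sit on their own lines.
[global]
    security = user
    # Keeps the cleartext password off the wire.
    encrypt passwords = yes
    # Accept connections from the www-guy's workstation only (placeholder
    # address). This filters on the source IP and nothing else, so it does
    # not help against a spoofed address, as noted in the reply above.
    hosts allow = 192.0.2.10
    hosts deny = ALL

[www]
    # Placeholder path; the directories owned by "webmaster".
    path = /home/webmaster/www
    # Only this account may connect; no guest access to the writable share.
    valid users = webmaster
    guest ok = no
    read only = no
```

Running `testparm` after editing checks the file for syntax errors before smbd reloads it.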