[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: smbmount and PAM



On this issue, I've been thinking of coding such a pam module, but I'm not
sure if the password can be protected from snooping.  mount would take the
option as command line parameters.  

Is there a way to obscure the args to mount so a scan of mount processes
are ignored?  (also: mount's behavior sucks when mount.smb asks for
stdin)

Of course there are other issues, but this one seems to be a big blocker
for me.  If no one here knows I'll go to the mount folks... we should have
a pam module with this capability.

As a work around, I've put the passwords in the auto.home maps:

gizmo -fstype=smb,uid=gizmo,username=ntuser,password=ntpass ://ntbox/ntshare

Again, this sucks for many reasons, but not because the auto.home map is
world readable (it doesn't need to be)... Although I'm not certain it's
fully secure.  And of course users can read the map.  

This does have the advantage of running users cron jobs, etc.  I'm still
thinking of what would be needed to get into a most flexable situation,
but I think this pam module will suffice for most cases.

Kenneth




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []