Re: [Samba] SWAT login - is password entry secure?

2003-03-04 Thread Gerald (Jerry) Carter

On Wed, 26 Feb 2003, Dan Rickhoff wrote:

> Samba group members,
>
> Is the password that I specify when logging into SWAT handled securely?

no.  but you can use stunnel.  There's a short howto linked on
http://samba.org/samba/docs/

cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 You can never go home again, Oatman, but I guess you can shop there.  
--John Cusack - Grosse Point Blank (1997)


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] SWAT login - is password entry secure?

2003-02-27 Thread Keith G. Murphy
Dan Rickhoff wrote:
> Samba group members,
>
> Is the password that I specify when logging into SWAT handled securely?
>
> I'd like to use the Samba Web Administration Tool (SWAT) to create and
> administer Samba shares that will be used by our users of ClearCase on
> Windows.  That requires that I log in to the Samba host as root.  I
> access SWAT via Internet Explorer (from any machine) by specifying the
> URL http://machine:901,
>
> For my ClearCase-related Samba Administration, our UNIX Sys
> Administrator is OK with giving me the password for user root on that
> machine, but he fears that the password entered in that login window
> will be transferred over the network as cleartext.  That is, he fears
> that the password might be too easily observed by prying eyes.
>
> QUESTIONS:
> 1) Is the password handled securely during my SWAT login?

Without knowing anything at all about SWAT specifically, I can tell you 
that your administrator is exactly right to be worried, because you are 
almost without doubt using clear HTTP; the 'http:', rather than 'https:' 
tells me this.

You might want to look into running SWAT with secure-HTTP.  It might be 
as easy as changing a couple of configuration parameters.

Or, log in with SSH using PuTTY or TeraTerm, port-forwarding 901, then 
run your browser against http://localhost:901.  :-)

> 2) If the answer to Q1 is No, then might it be Yes if I used a
> browser (Netscape) that is running on the same machine that I'm logging
> in to?

Yeah, pretty much, if there's nobody on that machine getting into your 
socket communication.  :-)

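Added example (not part of the thread and not Samba code): assuming the "Enter Network Password" realm prompt described in this thread is HTTP Basic authentication, the Python below builds the request a browser would send over plain http:// and reports what anyone able to read those bytes recovers from it. The host name, user and password are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii


def build_basic_request(host, user, password):
    """Bytes a browser puts on the wire after the realm prompt (Basic scheme)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"GET / HTTP/1.0\r\nHost: {host}\r\n"
            f"Authorization: Basic {token}\r\n\r\n").encode()


def credential_exposure(raw):
    """Report what a passive observer learns from one plaintext HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    auth = headers.get("authorization")
    if auth is None:
        return {"scheme": None, "recoverable": False}
    scheme, _, param = auth.partition(" ")
    if scheme.lower() != "basic":
        # e.g. Digest: a hash response is sent, not the password itself
        return {"scheme": scheme, "recoverable": False}
    try:
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"scheme": "Basic", "recoverable": False, "malformed": True}
    user, sep, password = decoded.partition(":")   # password may contain ':'
    if not sep:
        return {"scheme": "Basic", "recoverable": False, "malformed": True}
    return {"scheme": "Basic", "recoverable": True,
            "user": user, "password": password}


# Constructed sample: host name and password are placeholders, not real values.
SAMPLE = build_basic_request("machine:901", "root", "constructed:pw")

if __name__ == "__main__":
    print(credential_exposure(SAMPLE))
```

Base64 is an encoding, not encryption, so the Basic credential is readable unless the connection itself is wrapped, for example by the stunnel or SSH port-forwarding setups suggested in the replies.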


[Samba] SWAT login - is password entry secure?

2003-02-26 Thread Dan Rickhoff
Samba group members,

Is the password that I specify when logging into SWAT handled securely?

I'd like to use the Samba Web Administration Tool (SWAT) to create and 
administer Samba shares that will be used by our users of ClearCase on 
Windows.  That requires that I log in to the Samba host as root.  I 
access SWAT via Internet Explorer (from any machine) by specifying the URL 
http://machine:901, where instead of machine I actually enter the name 
of the machine on which I want to administer Samba, and on which Samba 
(64-bit 2.2.7a) and SWAT are installed.  In response to that URL, a window 
titled Enter Network Password is displayed, that window:

*  Indicates that the Site is the machine I specified
*  Indicates that the Realm is SWAT
*  Has fields for entry of User Name and Password

For my ClearCase-related Samba Administration, our UNIX Sys Administrator 
is OK with giving me the password for user root on that machine, but he 
fears that the password entered in that login window will be transferred 
over the network as cleartext.  That is, he fears that the password might 
be too easily observed by prying eyes.

QUESTIONS:
1) Is the password handled securely during my SWAT login?
2) If the answer to Q1 is No, then might it be Yes if I used a browser 
(Netscape) that is running on the same machine that I'm logging in to?

Thanks,
Dan
Dan Rickhoff
Software Configuration Management
[EMAIL PROTECTED]  