Dan Rickhoff wrote:
> Samba group members,
>
> Is the password that I specify when logging into SWAT handled securely?
>
> I'd like to use the Samba Web Administration Tool (SWAT) to create and
> administer Samba shares that will be used by our users of ClearCase on
> Windows. That requires that I log in to the Samba host as root. I
> access SWAT via Internet Explorer (from any machine) by specifying the
> URL http://machine:901.
>
> For my ClearCase-related Samba Administration, our UNIX Sys
> Administrator is OK with giving me the password for user root on that
> machine, but he fears that the password entered in that login window
> will be transferred over the network as cleartext. That is, he fears
> that the password might be too easily observed by prying eyes.
>
> QUESTIONS:
> 1) Is the password handled securely during my SWAT login?

Without knowing anything at all about SWAT specifically, I can tell you
that your administrator is exactly right to be worried, because you are
almost without doubt using clear HTTP; the 'http:', rather than 'https:'
tells me this.
You might want to look into running SWAT with secure-HTTP. It might be
as easy as changing a couple of configuration parameters.
Or, log in with SSH using PuTTY or TeraTerm, port-forwarding 901, then
run your browser against http://localhost:901. :-)

> 2) If the answer to Q1 is No, then might it be Yes if I used a
> browser (Netscape) that is running on the same machine that I'm logging
> in to?

Yeah, pretty much, if there's nobody on that machine getting into your
socket communication. :-)
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
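
Added example, not part of the original messages: a small check of the reasoning in the reply above. It classifies a SWAT URL by whether the login would cross the network unencrypted, and shows that an HTTP Basic `Authorization` header is only base64-encoded. It assumes SWAT authenticates with HTTP Basic authentication; the function names, host name and credentials are constructed for illustration.

```python
import base64
import ipaddress
from urllib.parse import urlsplit


def is_loopback(host):
    """True if host names the local machine (localhost or a loopback IP)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name is treated as a remote host


def login_exposure(url):
    """Classify how a password typed at this URL travels."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return "encrypted"
    if is_loopback(parts.hostname or ""):
        # Same-machine browser, or a local port forwarded over SSH.
        return "cleartext, local only"
    return "cleartext on the network"


def decode_basic(header_value):
    """Recover (user, password) from a Basic Authorization header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token).decode("utf-8")
    user, _, password = decoded.partition(":")
    return user, password


if __name__ == "__main__":
    # Constructed sample of what a browser sends after the login prompt.
    sample = "Basic " + base64.b64encode(b"root:example").decode("ascii")
    print(sample, "->", decode_basic(sample))
    for url in ("http://machine:901/", "http://localhost:901/",
                "https://machine:901/"):
        print(url, "->", login_exposure(url))
```
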