James G. Sack (jim) wrote:
DJA wrote:
I want to mount a Samba (CIFS) server share with mount.cifs. I can do
that, but mount always asks for the user's password. I want to mount
the share either at boot time, or at user login. But how would the
password be prompted for or entered in that case?
How about: for boot-time, put the credentials file in a root-owned
directory read & executable only by root.
Isn't this similar to the strategy used for example in automating
something over ssh or stunnel with an empty-passphrase-key.
..jim
Yes, this is an obvious solution, but still not ideal: the username and
passwords are still in plain text within the file. I realize that if
someone were able to read an owner r+x-protected file, then they don't
need the password to get into the file.
What I prefer is to be prompted for a password without explicitly having
to mount the server (e.g. use an fstab mount command at boot). Ideally,
each user would be prompted at login. But mount.cifs is only executable
by root.
The man page suggests making mount.cifs SUID. That would let a non-root
user mount the share, for instance from a script at log in. Is this safe
enough to pass muster with the more paranoid (yet practical) admins here?
Another site suggested using pam_mount to automate the process, but
didn't elaborate further than that.
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
