DJA wrote:
> James G. Sack (jim) wrote:
>> DJA wrote:
>>> I want to mount a Samba (CIFS) server share with mount.cifs. I can do
>>> that, but mount always asks for the user's password. I want to mount
>>> the share either at boot time, or at user login. But how would the
>>> password be prompted for or entered in that case?
>>
>> How about: for boot-time, put the credentials file in a root-owned
>> directory read & executable only by root.
>> Isn't this similar to the strategy used for example in automating
>> something over ssh or stunnel with an empty-passphrase-key?
>> ..jim
>
> Yes, this is an obvious solution, but still not ideal: the username and
> passwords are still in plain text within the file. I realize that if
> someone were able to read an owner r+x-protected file, then they don't
> need the password to get into the file.
>
> What I prefer is to be prompted for a password without explicitly having
> to mount the server (e.g. use an fstab mount command at boot). Ideally,
> each user would be prompted at login. But mount.cifs is only executable
> by root.
>
> The man page suggests making mount.cifs SUID. That would let a non-root
> user mount the share, for instance from a script at login. Is this safe
> enough to pass muster with the more paranoid (yet practical) admins here?
>
> Another site suggested using pam_mount to automate the process, but
> didn't elaborate further than that.

Some combination of pam + samba maybe?
You said you didn't have access to the CIFS server. Is it an AD
environment? Can you learn anything through smbclient and/or wbinfo?
<HAND-WAVING WARNING>
I'm kind of rusty on this, but maybe you can get pam to log on to the
Windows domain and then the Kerberos credentials get cached, do they not?
Maybe this is covered in docs about "Single Sign On"?
Regards
..jim
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
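
Added example, not part of the original thread: a POSIX sh audit of the credentials-file approach discussed above. It reads an fstab-format file, flags cifs entries that carry the password inline, and checks that each credentials file and its directory belong to the expected uid with no group or other permission bits. The function names are hypothetical; credentials=/cred= and password=/pass= are the mount.cifs option names.

```sh
# Added example (not from the thread). Assumes fstab(5) field layout and the
# mount.cifs options credentials=/cred= and password=/pass=.

# private_to PATH UID: succeed if PATH is owned by UID and has no
# group/other permission bits (e.g. mode 600 for a file, 700 for a directory).
private_to() {
    # After set: $3 = mode string, $5 = numeric owner uid (from ls -ldn).
    set -- "$1" "$2" $(ls -ldn -- "$1" 2>/dev/null)
    [ "$#" -ge 5 ] || return 1                 # path missing or unreadable
    case "$3" in ????------*) ;; *) return 1 ;; esac
    [ "$5" = "$2" ]
}

# audit_cifs_fstab [FSTAB] [UID]: print one finding per line; return 1 if any.
# Defaults: /etc/fstab and uid 0 (root).
audit_cifs_fstab() {
    fstab=${1:-/etc/fstab}; want=${2:-0}; bad=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$fstype" = cifs ] || continue
        cred=
        old_ifs=$IFS; IFS=,                        # options are comma-separated
        for opt in $opts; do
            case "$opt" in
                credentials=*|cred=*) cred=${opt#*=} ;;
                password=*|pass=*)
                    echo "$mnt: password given inline in $fstab"; bad=1 ;;
            esac
        done
        IFS=$old_ifs
        [ -n "$cred" ] || continue                 # no credentials file to check
        private_to "$cred" "$want" ||
            { echo "$mnt: $cred is not private to uid $want"; bad=1; }
        private_to "$(dirname "$cred")" "$want" ||
            { echo "$mnt: directory of $cred is not private to uid $want"; bad=1; }
    done < "$fstab"
    return "$bad"
}
```

Run as root, `audit_cifs_fstab` with no arguments checks /etc/fstab against uid 0.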