James G. Sack (jim) wrote: > Andrew Lentvorski wrote: >> Okay, I have been really wanting a NAS box for my house. >> >> I finally broke down and bought a Buffalo LinkStation Live from Fry's. A >> bit expensive (and I could probably get away with the LinkStation Pro >> which appears to be lower on the chain), but it seems to do what I want. >> >> It includes an gigabit ethernet, an internal SATA hard drive, two >> external USB ports which can hold other drives, a printer, etc. >> >> Best of all--it's Linux under the hood. Yay. It even uses XFS for the >> filesystem. Bonus! >> >> I presume it's running Samba under the hood. I see no particular reason >> to change that, right now, so my question is: >> >> How do I secure Samba? Is there a way to encrypt everything, or is it >> all in the clear? How about passwords? Is there a way to set up keys? >> >> Any suggestion would be welcome. > > Someone probably is more up-to-date than I am, but.. > > Last I looked (couple-of-years ago), auth is encrypted by default, > whichever mechanism is used (unless you go to some pain to config plain > passwords). > > File transfer is not encrypted, and I don't ever recall seeing anything > hinting options to do otherwise. >
Regarding keys, the Windows way use kerberos, or you can use auth via openldap (and get pki involved there). I suspect a pam-wizard could make auth work in even more ways. I also see some discussion of samba via stunnel, which might actually be simpler in your environment, eh? Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
