I would like to reiterate that mount.cifs does not transmitted password in plain text over the network. Unless you use ancient version, which I do not think is possible without extra effort on your side.
On Dec 5, 2017 7:26 AM, "michael" <[email protected]> wrote: > I'm thinking about how to address security concerns with mount.cifs from a > Pi 3 running Raspbian Stretch. > > An option is to have the customer run winscp server on their Windows > server and give me a login/password to a limited account that can see the > relevant shared files on the windows network. > > Granted, once I'm connecting via a limited account, the security concerns > are less for mount.cifs. OpenSSH is the code behind winscp, but from what > I can see, the administrator has to install winscp. > > If I ignore the security concern that the password transmits in the clear > with mount.cifs, it is simple for the Windows administrator to set up a > share and a limited login that can access that share. > > As far as active directory, etcetera, I don't understand how that works > where I lack the necessary time to learn how that works. PC-NFS has > problems similar to mount.cifs, unless of course Kerberos is used for > authentication. Again, I don't have time to learn how to setup Kerberos > and it would be a lot of work on the windows side. > > The Raspberry Pi 3 model B is limited on processing power and memory. > Push it hard enough and it will overheat. Keep in mind, the only time > truss files need to transfer from Windows to the Pi is when there is a > request for a new one that isn't already locally available. If scp is > used, that should be lighter than keeping a CIFS share or an NFS share > mounted between Linux and Windows. > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
