On Thu, 2005-12-22 at 11:04 +0100, Felix Brack wrote: > Hello Andrew, > > In my case, clear over the network would be ok. The problem I am > trying to solve is: I can setup Samba PDC perfectly so every user > get's some space which is accessible by nobody else. The administrator > of the samba server however (at least the user root) has access to > all files of all users. > The normal user has no LINUX login account on the box running the > samba server. > I could ask the users to run TrueCrypt (www.truecrypt.org) and create > a encrypted file on their home directory on the Samba server. This > works perfect but I was just looking for an even more transparent > solution which I think could be provided by some sort of VFS module.
We run into issues such as 'how do you key the crypto'. The administrator has access to any secrets stored on the server, so how would Samba decrypt the data, but the administrator not? Without protocol modifications, or some extra client-side tool, this becomes quite a challenge. And then the administrator could still subvert the whole thing. A slightly easier goal would be to protect files on a stolen hard disk (ie trust the admin, but not always the person with the server), but I still don't see how to do it without protocol modifications. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
