Hello,
We're looking at mapping through storage from our NAS service to our
owncloud platform.
The obvious way to do this is via the external storage plugin and the
SMB / CIFS connector.
Unfortunately this has severe security implications (as far as I can
tell) in that :
- Owncloud caches and stores the users password (in our case their AD
password which clearly has wide ranging access across other services)
symmetrically encrypted in the database.
- It then decrypts to plaintext pass through to the smb4php module for
the backend connection.
This is extremely undesirable to us.
Is there a better way to do this? Either better integration of
authentication in this area or an alternative connection method that's
more secure?
We could also use sftp keys which would solve our issues (our NAS
platform support sftp access with key exchange as necessary). But the
sftp component of owncloud doesn't support sftp keys. The backend code /
library used seems to have support for sftp key exchange but would need
integrated / recoded in owncloud to support. Has anyone done this or
looking at implementing this code?
thanks!
Kev
--
ECDF Systems Team
e: [email protected]
t: +44 (0)131 650 4996
Information Services, University of Edinburgh, JCMB,
Kings Buildings, Edinburgh. EH9 3JZ. United Kingdom.
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
_______________________________________________
User mailing list
[email protected]
http://mailman.owncloud.org/mailman/listinfo/user
