[Samba] Re: Using ssh for samba authentication?
Andrew Bartlett
abartlet at samba.org
Fri Jan 21 02:50:14 GMT 2005
On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote:
> On Tue, 18 Jan 2005 11:49:00 -0800, "Jim C." <jcllings at javahop.com>
> said:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > | I use ssh port forwarding to connect to a samba server from Windows
> > ...
> > | ask for any password for shares?
> >
> > Why not set ssh up for public key auth? Coupled with Samba's own
> > encryption, it should be secure enough. ;-)
>
> I already use public key authentication in ssh and for this reason the
> additional password typing is annoyance that can potentially leak
> passwords. So I thought that maybe there was a way to start samba from
> ssh connection and assume that user already authentificated among the
> lines of sftp subsystem in ssh.
Yes, it is possible to construct such a system, but I really doubt it is
worth the pain. You would need to construct an auth module that
understood that SSH had already authenticated the user, while still
using the same username/password on the client as the server (this is
important for session key stuff), run smbd as the user initially (which
breaks certain behaviours where we become root).
On the client, you would need to forward the socket to the SSH process.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050121/cb9347c4/attachment.bin
More information about the samba
mailing list