Smbmount password interfaces
W. Michael Petullo
mike at flyn.org
Mon Nov 11 17:06:08 GMT 2002
I'm the new maintainer of pam_mount, a PAM module that allows SMB (and
other types of) volumes to be mounted for a user when he logs in using
his system password. In the past, pam_mount has passed a volume password
to smbmount using the -P parameter or PASSWD environment variable.
This is not acceptable, as any user can learn other's passwords with
some creative ps usage. However, smbmount does not currently allow a
more secure means to enter passwords.
Using a credentials file is not really appropriate for pam_mount either.
Pam_mount needs to be able to get the system password from PAM and ship
it off to smbmount somehow. A static password file does not really
work nicely.
When patched with the kerneli.org GNU/Linux CryptoAPI patch, mount allows
passwords to be read from stdin if the -p parameter is used:
mount -p0 ...
The number is the file descriptor to read the password from.
Could you implement a similar option in smbmount? When the current
version of smbmount prompts for a password, it tries to read it from
/dev/tty. Allowing a user to tell smbmount to read its password from
stdin would make smbmount more flexible in pipelines.
--
Mike
:wq
More information about the samba-technical
mailing list