Question about secrets.tdb
Jeremy Allison
jra at samba.org
Fri Dec 18 10:48:31 MST 2009
On Fri, Dec 18, 2009 at 06:23:30PM +0100, Holger Hetterich wrote:
> Hi,
>
> I am currently implementing AES encryption support in
> vfs_smb_traffic_analyzer.
>
> I need to store a 128bit key which the module can read at runtime.
> Nothing complex, because it's going to be simple symmetric
> AES encryption, the module and the receiver is going to use the same
> key, there's no real authentification, it's just based on machine trust.
>
> Now I would like to store the key in the secrets.tdb, for the module to fetch.
> The administrator would have to inject the key into the secrets.tdb, by
> using a helper script, and if the module finds the key, it automatically
> enables encryption. If not, it's going to run in the normal mode.
>
> My main question is, would that be acceptable for the samba team?
Sure, don't see a problem with this. Just make sure you use
your own prefix so it doesn't clash with anything else there.
Jeremy.
More information about the samba-technical
mailing list