Question about secrets.tdb

Jeremy Allison jra at samba.org
Fri Dec 18 10:48:31 MST 2009


On Fri, Dec 18, 2009 at 06:23:30PM +0100, Holger Hetterich wrote:
> Hi,
> 
> I am currently implementing AES encryption support in 
> vfs_smb_traffic_analyzer.
> 
> I need to store a 128bit key which the module can read at runtime.
> Nothing complex, because it's going to be simple symmetric
> AES encryption, the module and the receiver is going to use the same
> key, there's no real authentification, it's just based on machine trust.
> 
> Now I would like to store the key in the secrets.tdb, for the module to fetch.
> The administrator would have to inject the key into the secrets.tdb, by
> using a helper script, and if the module finds the key, it automatically
> enables encryption. If not, it's going to run in the normal mode.
> 
> My main question is, would that be acceptable for the samba team?

Sure, don't see a problem with this. Just make sure you use
your own prefix so it doesn't clash with anything else there.

Jeremy.


More information about the samba-technical mailing list