[Samba] SWAT login - is password entry secure?

Dan Rickhoff rickhoff1 at llnl.gov
Wed Feb 26 17:37:51 GMT 2003


Samba group members,

Is the password that I specify when logging into SWAT handled securely?

I'd like to use the Samba Web Administration Tool (SWAT) to create and 
administer Samba "shares" that will be used by our users of ClearCase on 
Windows.  That requires that I log in to the Samba host as "root".  I 
access SWAT via Internet Explorer (from any machine) by specifying the URL 
"http://machine:901", where instead of "machine" I actually enter the name 
of the machine on which I want to administer Samba, and on which Samba 
(64-bit 2.2.7a) and SWAT are installed.  In response to that URL, a window 
titled "Enter Network Password" is displayed. That window:

*  Indicates that the "Site" is the machine I specified
*  Indicates that the "Realm" is "SWAT"
*  Has fields for entry of "User Name" and "Password"

For my ClearCase-related Samba Administration, our UNIX Sys Administrator 
is OK with giving me the password for user "root" on that machine, but he 
fears that the password entered in that login window will be transferred 
over the network as "cleartext".  That is, he fears that the password might 
be too easily observed by prying eyes.

QUESTIONS:
1) Is the password handled securely during my SWAT login?

2) If the answer to Q1 is "No", then might it be "Yes" if I used a browser 
(Netscape) that is running on the same machine that I'm logging in to?

Thanks,
Dan

Dan Rickhoff
Software Configuration Management
rickhoff1 at llnl.gov  

