[Samba] VFS for encryption/decryption

Felix Brack fb at ltec.ch
Fri Dec 23 08:54:00 GMT 2005

It's true (partially) that the administrator has access to all secrets
stored on the server. However the administrator does not _know_ a users
password or samba password. He can of course change those passwords.
This however would be noticed by the user who's password has been
changed and data encrypted with the users former password would still
not decrypt (with the new password) to some meaningful data, right?

If this is correct my requirements would be fulfilled.

I do not know at all how things are running within samba but fact is,
that any user authenticates himself when connecting to a server share
from his client. Wouldn't this be the method to tell a VFS module to
do encryption/decryption with the user's password? As I already
stated, I am aware that things are not that simple but the principle
should remain.

My PDC is setup to present the user a network drive H: that holds his
home directory; this is great and very simple to configure with samba.
Why not present the user, say network drive Q:, showing the decrypted
contents of a file stored on the server that is encrypted with the
users password? The user wouldn't 'see' any difference between
accessing files on H: or Q:. This would provide a truly transparent
access to encrypted data.



Andrew Bartlett wrote:

AB> We run into issues such as 'how do you key the crypto'.  The
AB> administrator has access to any secrets stored on the server, so how
AB> would Samba decrypt the data, but the administrator not?

AB> Without protocol modifications, or some extra client-side tool, this
AB> becomes quite a challenge.  And then the administrator could still
AB> subvert the whole thing.

AB> A slightly easier goal would be to protect files on a stolen hard disk
AB> (ie trust the admin, but not always the person with the server), but I
AB> still don't see how to do it without protocol modifications.

AB> Andrew Bartlett

More information about the samba mailing list