[Samba] VFS for encryption/decryption
guido at lorenzutti.com.ar
Fri Dec 23 11:35:32 GMT 2005
You just explained this perfectly. I have the same problem. If I could
provide something like this to my users I would be in heaven. I can't be
the ONLY administrator to have full access to every single file.
Even more, in my work, we use an LTSP environment. I don't have any user
with a hard drive to locally store something, everyone MUST use H:.
Imagine that! I have sooooo many users that say "I don't wanna use
that! TI PEOPLE can see my files!!".
Felix Brack wrote:
>It's true (partially) that the administrator has access to all secrets
>stored on the server. However the administrator does not _know_ a user's
>password or samba password. He can of course change those passwords.
>This however would be noticed by the user whose password has been
>changed and data encrypted with the user's former password would still
>not decrypt (with the new password) to some meaningful data, right?
>If this is correct my requirements would be fulfilled.
>I do not know at all how things are running within samba but fact is,
>that any user authenticates himself when connecting to a server share
>from his client. Wouldn't this be the method to tell a VFS module to
>do encryption/decryption with the user's password? As I already
>stated, I am aware that things are not that simple but the principle
>My PDC is setup to present the user a network drive H: that holds his
>home directory; this is great and very simple to configure with samba.
>Why not present the user, say network drive Q:, showing the decrypted
>contents of a file stored on the server that is encrypted with the
>user's password? The user wouldn't 'see' any difference between
>accessing files on H: or Q:. This would provide a truly transparent
>access to encrypted data.
>Andrew Bartlett wrote:
>AB> We run into issues such as 'how do you key the crypto'. The
>AB> administrator has access to any secrets stored on the server, so how
>AB> would Samba decrypt the data, but the administrator not?
>AB> Without protocol modifications, or some extra client-side tool, this
>AB> becomes quite a challenge. And then the administrator could still
>AB> subvert the whole thing.
>AB> A slightly easier goal would be to protect files on a stolen hard disk
>AB> (i.e. trust the admin, but not always the person with the server), but I
>AB> still don't see how to do it without protocol modifications.
>AB> Andrew Bartlett
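
Felix Brack's point that data encrypted under a user's former password does not decrypt after an administrator resets that password, as an added sketch that is not part of the original thread and is not Samba code. The function names, iteration count and blob layout are assumptions, and the HMAC-SHA256 counter keystream is a stand-in for an authenticated cipher such as AES-GCM, used only so the sketch runs on the Python standard library.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the user's password."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for a real cipher)."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_file(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag; no key or password is stored."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt_file(password: str, blob: bytes) -> bytes:
    """Verify the tag under the password-derived key, then decrypt."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(password, body[:16])
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong password or modified file")
    return _xor_stream(enc_key, body[16:32], body[32:])

if __name__ == "__main__":
    # Constructed sample: file written under the user's original password.
    blob = encrypt_file("users-original-password", b"payroll draft")
    print(decrypt_file("users-original-password", blob))
    try:
        decrypt_file("password-set-by-admin", blob)  # after an admin reset
    except ValueError as exc:
        print("after reset:", exc)
```

The sketch covers only the data at rest: whatever process runs this on the server still handles the password or derived key while the share is in use, which is the keying question Andrew Bartlett raises.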