[Samba] Re: SWAT

Carlos Rodrigues carlos.efr at mail.telepac.pt
Sun May 15 01:11:48 GMT 2005

Scott Hamm wrote:
> How secure is SWAT in production level?  If it's insecure, can anybody
> explain why that it is not?  I'm running Slackware 10, kernel 2.4.26
> and samba 3.0.4.

Well, that depends on how insecure do you find a service that requires 
you to send your root password through the network in the clear...

However, there are ways around this. You can wrap the connections to 
swat using "stunnel", or you can just restrict swat access to localhost 
and then use it over an ssh tunnel (this is as easy as "ssh 
-L2222:localhost:901 user at sambaserver", so I kind of like it).

Carlos Rodrigues

More information about the samba mailing list