[Samba] Encryption

Nico Kadel-Garcia nkadel at gmail.com
Mon Apr 19 05:42:32 MDT 2010


On Sun, Apr 18, 2010 at 9:00 PM, Jeremy Allison <jra at samba.org> wrote:
> On Sun, Apr 18, 2010 at 09:20:54AM -0400, Nico Kadel-Garcia wrote:
>>
>> Samba is a very helpful implementation of CIFS, and I congratulate its
>> authors. But CIFS was *not* built for data security. Encrypting such
>> traffic would be an amazing performance hit on the server side. If you
>> need secure data transfer, and do not need the kind of live sharing
>> that CIFS or UNIX protocols like NFS provide, I'd urge you to use
>> "git" for SSH based access to a central repository with local editing
>> and full source control features. It's still a performance hit over
>> direct file sharing, but it works well for interrupted connections to
>> the primary document source, and I really like it for laptop or remote
>> data center operation.
>
> Ahem. We *do* implement encryption on the CIFS stream in
> the Samba server. Works well with smbclient -e option.
> All it needs is for the kernel client to implement it.
>
> It's not such a bad hit on the server side of things :-).
>
> Jeremy.
>

Thank you, yes, I saw those notes from Volker and simo. This is what I
get for working professionally with old releases. I also noticed that
it relies on Samba 3.2 or later on both ends, and so isn't compatible
with Windows servers or clients or older clients. Now if I can just
shoot all the old versions in use out there. ;'-)


More information about the samba mailing list