LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 03-23-2006, 08:32 AM   #1
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Rep: Reputation: 30
Hiding smb mount password in fstab? Hashing?


Hi,
I'm looking for a way to hide my credentials in fstab for lines like
Code:
//hostname/share   smbfs   /mnt/sharename     defaults,username=user%password       0      0
The problem with the above line is that it appears in the process list and that the password is in cleartext. Using credentials=file is a better start but this is still in plaintext. Can't I hash the password with md5 or something?
 
Old 03-24-2006, 10:40 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
The idea is that you create the credentials file with root ownership and exclusive permissions (0600). In other words, only root has access to it. If the person is root, and it's not someone that should have access to the credentials, you have bigger problems.
 
Old 03-25-2006, 07:08 AM   #3
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
This is how I have done it in the past, but it's still possible to read the cleartext password off the disk if you get physical access to the machine, which is all very theoretical but I'm trying to satisfy a security policy that states we may have to cleartext passwords stored anywhere....
 
Old 03-25-2006, 09:37 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Depending on the timing of the mount, and yours looks like at boot, encrypt any cleartext password files, load them into an iso, then mount the iso before the passwords are required, then unmount it later, eg in rc.local

For the really paranoid, delete them after use, and before rebooting, copy them back from a secure source..
 
Old 03-25-2006, 10:04 AM   #5
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
encrypt any cleartext password files how?

please explain, I can't tell exactly how you intend to do that...
 
Old 03-25-2006, 12:07 PM   #6
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328Reputation: 328Reputation: 328Reputation: 328
Encrypting doesn't change the need for a password/pass phrase. If it cannot be stored, then the password will have to be entered at boot. That means that your servers need three-shift operators/administrators to handle failures/reboots, or you have to be able to deal with the resource being unavailable until an administrator arrives.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
smb mount folders disappear on mount & konqueror smb fails: network unreachable tisource Linux - Networking 1 10-17-2007 01:30 AM
SMB mount through fstab Zero-0-Effect Linux - General 2 10-13-2005 11:13 PM
Hiding password in Java command line program simon_w Programming 2 05-02-2005 07:01 AM
smb mount fstab Redouane Benkad Linux - Networking 11 11-27-2004 10:41 PM
Command-line 'adduser': password not hashing Talesin Fedora 0 10-08-2004 09:19 PM


All times are GMT -5. The time now is 11:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration