1

Topic: Assembling on cifs and secret of the password.

Is RHEL 6.5 out of the domain and there there is a local user user_lin.
There is resource Windows in the domain dom where the domain user user_win (to be exact dom/user_win) has access.
Physically user_lin and user_win is the same person, it is simple in office at Windows there is a domain, and at Linux is not present.
It is necessary this resource with the rights of the user user_win  to RHEL 6.5.
In/etc/fstab we write
//server/dir/dir cifs credentials =/home/user_lin/pass 0 0
In a file/home/user_lin/pass we write
username=user_win
domain=dom
password=pass123
We do to this file it is right 460
4 - that the system could read
6 - that the user could change the password if it changes in the domain
All works perfectly;
BUT
To security police, naturally, such variant is not pleasant, for the password of the user can read root.
I can not find the information in any way as in such situation to store the password in the ciphered type, and it is even better in an implicit place.
Thanks the one who gives .
P.S. To enter Linux into the domain not to offer. It is other history.

2

Re: Assembling on cifs and secret of the password.

Dayas
If lin the machine out of an infrastructure also is not supervised by anybody, except the user, the security police is absolutely right is a storage of the password in an open type.
To be protected from  it is useless. If in office are implemented crypto-tokens, it is possible to store the password on them. And so, the unique decision which I see - to enter the password at connection. I will assume that this user not from top management, worries.

3

Re: Assembling on cifs and secret of the password.

~wildwind ~
Yes here is how time of a problem of top management me do not soar, and I love normal users, their such a little, and it is some connected resources, that is, users should enter every morning the password on 4-5 times.
I do not say that it is necessary from  to be protected, I meant can be eat a method of saving of a password hash, type as in Windows when you cling to a network share of other network - enter the password, tick off to "Remember" and live to myself easy. In Linux I work some years, but never the such faced and did not reflect on such problem, and also the decision here was necessary I can not find that is very strange.

4

Re: Assembling on cifs and secret of the password.

Dayas
Can be eat a method of saving of a password hash, type as in Windows
to save not the problem, but on  Windows does not authorize.
Can the Samba somehow with gnome-keyring ?

5

Re: Assembling on cifs and secret of the password.

~wildwind ~ :
Can the Samba somehow with gnome-keyring ?

And  unless it is not able?

6

Re: Assembling on cifs and secret of the password.

SergVV
I do not know, did not try.

7

Re: Assembling on cifs and secret of the password.

In general, council : it is not necessary to mount to a full-sphere in fstab. Try to be connected to it in the graphic interface in an observer of files.

8

Re: Assembling on cifs and secret of the password.

pam_mount. Did not try, but, speak, helps.

9

Re: Assembling on cifs and secret of the password.

In a graphic mode I do not see a network.
Nfs th, especially cifs-ovskoj.
Probably any service is not launched, because packets all necessary stand.

10

Re: Assembling on cifs and secret of the password.

Dayas :
In a graphic mode I do not see a network.
Nfs th, especially cifs-ovskoj.
Probably any service is not launched, because packets all necessary stand.

the menu "To be connected to the server" or in an address line: smb://server_ip/shared_folder_name.

11

Re: Assembling on cifs and secret of the password.

Really there was no packet gvfs-smb.
But through smb://resources are visible only in the schedule, and in the terminal given already  resources are not visible also all of them equally it is necessary to mount through mount-t cifs.
Plus smb://- remembers the password.
The minus - is visible only in the schedule.
Plus mount-t cifs - is visible both in the schedule and in the terminal.
The minus - does not remember the password.
Horror!
I will make both methods. Let select.

12

Re: Assembling on cifs and secret of the password.

Dayas
From Vicks :

There is a set of command line programs starting with "gvfs-" that lets you run commands (like cat, ls, stat, etc.) on files in the GVfs mounts.
Attached resources are exposed via an URI syntax, for example smb://server01/gamedata or ftp://username:password@ftp.example.net/public_html , but are also mounted in the traditional manner under ~/.gvfs/or/run/user / $ USER/gvfs or $XDG_RUNTIME_DIR/gvfs directory [3 [4] to make them available to applications using standard POSIX commands and I/O.

13

Re: Assembling on cifs and secret of the password.

Dayas :
Really there was no packet gvfs-smb.
But through smb://resources are visible only in the schedule, and in the terminal given already  resources are not visible

As it can be? They should be visible by the way of type ~/.gvfs
Look with the help mount where they are mounted.