You just explained this perfectly. I have the same problem. If I could
provide something like this to my users, I would be in heaven. I can't be
the ONLY administrator to have full access to every single file.
Even more, at my work we use an LTSP environment. I don't have any user
with a hard drive to store something locally; everyone MUST use H:.
Imagine that! I have sooooo many users who say "I don't wanna use
that! IT PEOPLE can see my files!!".
Felix Brack wrote:
It's true (partially) that the administrator has access to all secrets
stored on the server. However, the administrator does not _know_ a user's
password or samba password. He can of course change those passwords.
This, however, would be noticed by the user whose password has been
changed, and data encrypted with the user's former password would still
not decrypt (with the new password) to some meaningful data, right?
If this is correct, my requirements would be fulfilled.
I do not know at all how things are running within samba, but the fact is
that any user authenticates himself when connecting to a server share
from his client. Wouldn't this be the method to tell a VFS module to
do encryption/decryption with the user's password? As I already
stated, I am aware that things are not that simple, but the principle
My PDC is set up to present the user a network drive H: that holds his
home directory; this is great and very simple to configure with samba.
Why not present the user, say, network drive Q:, showing the decrypted
contents of a file stored on the server that is encrypted with the
user's password? The user wouldn't 'see' any difference between
accessing files on H: or Q:. This would provide truly transparent
access to encrypted data.
Andrew Bartlett wrote:
AB> We run into issues such as 'how do you key the crypto'. The
AB> administrator has access to any secrets stored on the server, so how
AB> would Samba decrypt the data, but the administrator not?
AB> Without protocol modifications, or some extra client-side tool, this
AB> becomes quite a challenge. And then the administrator could still
AB> subvert the whole thing.
AB> A slightly easier goal would be to protect files on a stolen hard disk
AB> (i.e. trust the admin, but not always the person with the server), but I
AB> still don't see how to do it without protocol modifications.
AB> Andrew Bartlett